Windows Analysis Report
Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe

Overview

General Information

Sample name:Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
Analysis ID:1528873
MD5:07b38f706695cb1f231f67f955744eb3
SHA1:b6060e8e74d3b38443d34d30993e6cfb08552272
SHA256:f45af8f50fd6e0ce6ccffb8aa16d0fe0b11d9db564c3d22a6789ed68ec36933f
Tags:exeuser-lowmal3
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Initial sample is a PE file and has a suspicious name
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

  • System is w10x64
  • Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe (PID: 7572 cmdline: "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe" MD5: 07B38F706695CB1F231F67F955744EB3)
    • powershell.exe (PID: 7776 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
    • 0x1448d:$a1: get_encryptedPassword
    • 0x14771:$a2: get_encryptedUsername
    • 0x14299:$a3: get_timePasswordChanged
    • 0x14394:$a4: get_passwordField
    • 0x144a3:$a5: set_encryptedPassword
    • 0x15b13:$a7: get_logins
    • 0x15a76:$a10: KeyLoggerEventArgs
    • 0x156e1:$a11: KeyLoggerEventArgsEventHandler
00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
    • 0x19460:$x1: $%SMTPDV$
    • 0x17e3c:$x2: $#TheHashHere%&
    • 0x19408:$x3: %FTPDV$
    • 0x17ddc:$x4: $%TelegramDv$
    • 0x156e1:$x5: KeyLoggerEventArgs
    • 0x15a76:$x5: KeyLoggerEventArgs
    • 0x1942c:$m2: Clipboard Logs ID
    • 0x1966a:$m2: Screenshot Logs ID
    • 0x1977a:$m2: keystroke Logs ID
    • 0x19a54:$m3: SnakePW
    • 0x19642:$m4: \SnakeKeylogger\
00000004.00000002.4121625420.00000000029A1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security

Source | Rule | Description | Author | Strings
4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
            • 0x1468d:$a1: get_encryptedPassword
            • 0x14971:$a2: get_encryptedUsername
            • 0x14499:$a3: get_timePasswordChanged
            • 0x14594:$a4: get_passwordField
            • 0x146a3:$a5: set_encryptedPassword
            • 0x15d13:$a7: get_logins
            • 0x15c76:$a10: KeyLoggerEventArgs
            • 0x158e1:$a11: KeyLoggerEventArgsEventHandler
4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
            • 0x1c04e:$a2: \Comodo\Dragon\User Data\Default\Login Data
            • 0x1b280:$a3: \Google\Chrome\User Data\Default\Login Data
            • 0x1b6b3:$a4: \Orbitum\User Data\Default\Login Data
            • 0x1c6f2:$a5: \Kometa\User Data\Default\Login Data
4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen
            • 0x15262:$s1: UnHook
            • 0x15269:$s2: SetHook
            • 0x15271:$s3: CallNextHook
            • 0x1527e:$s4: _hook

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe", ParentImage: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, ParentProcessId: 7572, ParentProcessName: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe", ProcessId: 7776, ProcessName: powershell.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe", ParentImage: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, ParentProcessId: 7572, ParentProcessName: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe", ProcessId: 7776, ProcessName: powershell.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-10-08T11:13:15.494617+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:16.777101+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:18.028378+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:19.494849+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:22.297354+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:23.938037+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49749 | 188.114.97.3 | 443 | TCP

            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-10-08T11:13:13.416396+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | TCP
            2024-10-08T11:13:14.978897+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | TCP
            2024-10-08T11:13:16.214422+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP

            AV Detection

            Source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "6783395654:AAGHZk1wugh441q673h1nDNWiVYW4p6ewXc", "Chat_id": "-4209622687", "Version": "5.1"}
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeVirustotal: Detection: 38%
            Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeJoe Sandbox ML: detected

            Location Tracking

            Source: unknownDNS query: name: reallyfreegeoip.org
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49734 version: TLS 1.0
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: EHyv.pdb source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Binary string: EHyv.pdbSHA256% source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe

            Networking

            Source: Yara matchFile source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPE
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
            Source: Joe Sandbox ViewIP Address: 193.122.6.168 193.122.6.168
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: unknownDNS query: name: checkip.dyndns.org
            Source: unknownDNS query: name: reallyfreegeoip.org
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.6.168:80
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.6.168:80
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49736 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49741 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49739 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49743 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49747 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 188.114.97.3:443
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49734 version: TLS 1.0
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
            Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002930000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002985000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000294A000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002958000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002993000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000289D000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000293D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002966000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002930000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002985000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000294A000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002958000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002993000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000289D000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000293D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.00000000028B5000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002930000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002985000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000294A000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002958000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002993000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000293D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1724987359.0000000003071000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.00000000027D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1728496990.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002930000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002985000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000294A000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002958000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002993000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000289D000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000293D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000289D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000293D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.00000000028E0000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002930000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002985000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000294A000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002958000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002993000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.000000000293D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$

            System Summary

            Source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7572, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7572, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7792, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7792, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
            Source: initial sample Static PE information: Filename: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process Stats: CPU usage > 49%
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1724987359.0000000003071000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1723661665.000000000120E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1729715101.0000000008FCD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000000.1665857749.0000000000C12000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameEHyv.exeL vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000000.00000002.1729491058.0000000007A20000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4120202691.0000000000422000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4120362578.0000000000957000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Binary or memory string: OriginalFilenameEHyv.exeL vs Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7572, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7572, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7792, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7792, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, -.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, --.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, -.cs Base64 encoded string: 'G4pV1kZlzrWG3ii/qsKXSnYs+5NUWVZZLTztKeesew9//zKKMVqxJyBhDWLI4hit'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: _0020.AddAccessRule
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, WpHZM8r9NHXZAFSIAH.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, WpHZM8r9NHXZAFSIAH.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.7a20000.5.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.7a20000.5.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.7a20000.5.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: _0020.AddAccessRule
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, B5aPoNbe8rH3ZAH99d.cs Security API names: _0020.AddAccessRule
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.7a20000.5.raw.unpack, WpHZM8r9NHXZAFSIAH.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@6/6@2/2
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.log
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Mutant created: NULL
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Mutant created: \Sessions\1\BaseNamedObjects\xhfCDGAcRsYtPWlIEyGPQ
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7784:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_abxmg3vo.rcx.ps1
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002A34000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002A16000.00000004.00000800.00020000.00000000.sdmp, Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4121625420.0000000002A26000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Virustotal: Detection: 38%
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe String found in binary or memory: $72794fd6-9579-4364-adda-1580f4b1038b
            Source: unknown Process created: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe"
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process created: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe"
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: EHyv.pdb source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Source: Binary string: EHyv.pdbSHA256% source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe

            Data Obfuscation

            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.31b9e44.0.raw.unpack, RZ.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.7a20000.5.raw.unpack, B5aPoNbe8rH3ZAH99d.cs .Net Code: VHJvPXHB50 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, B5aPoNbe8rH3ZAH99d.cs .Net Code: VHJvPXHB50 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, B5aPoNbe8rH3ZAH99d.cs .Net Code: VHJvPXHB50 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.5a60000.4.raw.unpack, RZ.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Static PE information: 0x89C6A715 [Wed Apr 1 10:38:13 2043 UTC]
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_056C3462 push 08418B05h; ret 0_2_056C3473
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_056C3720 push 20418B05h; ret 0_2_056C3733
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_056C22FF push 08418B05h; ret 0_2_056C2313
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_056C1DF0 push 08518905h; ret 0_2_056C1E03
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_07765638 pushad ; iretd 0_2_07765639
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_0776AE19 push eax; mov dword ptr [esp], edx 0_2_0776AE2C
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_077656B7 pushfd ; iretd 0_2_077656F9
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_077626AD push FFFFFF8Bh; iretd 0_2_077626AF
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 0_2_07766DE0 push FFFFFFC3h; ret 0_2_07766EA4
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Code function: 4_2_06587EFA push es; ret 4_2_06587F4C
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Static PE information: section name: .text entropy: 7.696224910262157
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.7a20000.5.raw.unpack, 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack High entropy of concatenated method names
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, PDiCvsfb6ejVtPyMIm.csHigh entropy of concatenated method names: 'zI9HBkHVty', 'VwdHgdrs76', 'rb56OiCYcj', 'd4G6LoWaoX', 'xp36h2ty3W', 'cYU6cV1h8v', 'yjc6k385Ig', 'OHc6lArN6g', 'pNb6JRfH3m', 'Gx060t1TK5'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, U3aJnNAyjxvuNXfpB7.csHigh entropy of concatenated method names: 'Rbi50mvFhY', 'F3p5DyXArQ', 'Cor5APKcyy', 'gaT5ju92QX', 'zCP5w6dEaI', 'AGf5OA5IXp', 'JyI5LVemRf', 'kan5ht8QoE', 'RqX5cbRfLO', 'qSj5k2ilNy'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, uGGcXnsuiS4C96IwF6.csHigh entropy of concatenated method names: 'iVUP6GjUx', 'VEmo0Q4XW', 'pBB3WjbLN', 'HGUgIsE3G', 'qQxY0Waa4', 'zOPfun3Tg', 'i45ZW7HDAOkALRgqyv', 'YnOxxBtViWGswy6XK2', 'v6d9U2sP0', 'DTXayDJSg'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, og2tfSn7bbFqRJJT83.csHigh entropy of concatenated method names: 'CMZSU7ICbj', 'aU0SNMClY2', 'HF89eSvH8e', 'G3N9iJX0Jd', 'etRSml5RaM', 'KQ2SDjr4gC', 'Td3SGrxvZu', 'lGhSALVMZq', 'Rd7SjJiUuq', 'yKiSxdmpmA'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, RrCa7gGa2ukTykCVmJ.csHigh entropy of concatenated method names: 'PlhMrMLa4M', 'TFvMYKo4Zl', 'B3RMWC795h', 'Of9MwoyNde', 'm6pMLG0d41', 'MggMhdRT1U', 'gGsMklGVkx', 'x6JMl43RHj', 'SbtM06gbyP', 'aKHMmpah57'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, eOEJfRd1Y3s6fSFCHR.csHigh entropy of concatenated method names: 'Dispose', 't7aiEebCrq', 'DwnswpWFqS', 'EqFkke0Gvx', 'HcSiN5KVFP', 'OYfizlBAE3', 'ProcessDialogKey', 'W7BsekbKgR', 'aEjsiIjbq3', 'M8Tss6AqfV'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, qUhJIYwxdKD8uYpSL3.csHigh entropy of concatenated method names: 'AgnSBWSRxfwbCc6wFAS', 'e2nu4KSe3TOZypIMyj9', 'k3219Fm7Qj', 'Vg317mym0h', 'kA51a2TrUD', 'isnWyMS4FAPwe8MSvYl', 'kXVkSFS0KTobfAHXspp', 'cGQebBSXstZ5VkbHrtQ'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, pai03Lie0kAcnCOdgBO.csHigh entropy of concatenated method names: 'EwI7yDhEMD', 'Knm7Kw0WJP', 'bee7PcETP3', 't7C7o2A3u6', 'joH7BIwVNL', 'yxB73TmUc7', 'VpI7gjy8sL', 'EXH7resBxx', 'EV87Yr4ysQ', 'BUc7feOLct'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, l2frKyYYniAiMtor6d.csHigh entropy of concatenated method names: 'Hss6oHQkGA', 'aCs63G4aJ2', 'bsG6r0n8e7', 'JOw6YtmDDJ', 'MDl65yrtt3', 'YCX6q2fh1Q', 'MmU6SHrren', 'c8y69CZFqy', 'VGA670OXq7', 'OM56aVMNoA'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, WpHZM8r9NHXZAFSIAH.csHigh entropy of concatenated method names: 'SVBdACFRrv', 'SYpdjZ71vC', 'dxAdxkhJOD', 'QgBd8mkkkJ', 'tsYd2waKPD', 'Cp5dnZlWFu', 'CiudTTJNtM', 'plQdU53VjL', 'fT3dEZNCUB', 'eRLdNuDv8f'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, aV6TirvMAFLROIWbJr.csHigh entropy of concatenated method names: 'haTiRpHZM8', 'qNHibXZAFS', 'xYniXiAiMt', 'Ar6iQdDDiC', 'zyMi5ImNUG', 'KkuiqIM4IJ', 'A23HZ1snudNB6gmToo', 'LcngF0lLmKLO8favf6', 'yYNii1hiyV', 'stliZDBnCb'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, AkbKgREeEjIjbq3J8T.csHigh entropy of concatenated method names: 'bsn9W6lOAM', 'IST9wJHZo6', 'PfA9OqovQI', 'vw29LUywfT', 'jYm9An2OYp', 'rEr9hkIH46', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, KS5KVFUPmYflBAE3T7.csHigh entropy of concatenated method names: 'oX09VXhx90', 'V4x9dPkpUs', 'vGM96tbuMH', 'aQJ9HFyA6I', 'OVp91tpOlm', 'Y0o9RnBeFN', 'cMk9b0b1mb', 'NOw94GL0i4', 'nZQ9XL3HSr', 'ufo9QniMN0'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, YUGckuWIM4IJl6WIGY.csHigh entropy of concatenated method names: 'Ku81C4LOl5', 'xJf1dKm5Hw', 'YhH1Hf4pLV', 'Xo31RBD74B', 'RYq1b83BXy', 'f0yH27rxGS', 'hJWHnhHqMx', 'xemHTQVK8H', 'dGNHUDqj7c', 'Y9xHEhCAcf'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, i4UX65xjJwDXuCnS2I.csHigh entropy of concatenated method names: 'ToString', 'OuWqmFjY0u', 'fCHqwHAFH9', 'XkeqOfC9r8', 'nx0qLtpcMw', 'HUgqhbqxKR', 'am2qcxOcOh', 'iLOqkKAEgn', 'j2vqlKVq7Z', 'lgQqJhRwib'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, B5aPoNbe8rH3ZAH99d.csHigh entropy of concatenated method names: 'fLPZCrpQWt', 'd7OZVIfxh7', 'm8oZduMsIG', 'YLJZ69DQ2V', 'KCrZHRskGr', 'qKvZ1nFbWw', 'gSqZRYQVUG', 'uHlZbSr0tK', 'uHTZ4a8kTS', 'mIEZXIg4Gm'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, K0MLpszZEXIYZJGfSg.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'k4N7MEJ9Co', 'SE075NgNBI', 'IHZ7qTPw3E', 'jYh7STvlSl', 'fp479170CM', 'O6t77MGgeb', 'dKk7aDViIT'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.428b8a0.2.raw.unpack, dFeu1BiZ0M1Y3E01qrP.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vhdaA7tcMu', 'WF7ajkayKf', 'm02axWOTqp', 'Dpta8Hl7w6', 'Ox0a2kKeMJ', 'uFKancCKwi', 'mX4aTKUHdr'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, gAqfVUNC8q0gh1varO.csHigh entropy of concatenated method names: 'hUR7iid1uA', 'qW77Z9tMi5', 'IvH7vkfl1J', 'riO7V2A6KI', 'fBN7dKEFPH', 'TUg7H1KSgg', 'EMC71NVbv4', 'GL79TgHwW8', 'v8J9UF5IS9', 'IVS9EuHiPJ'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, DehsUFJ8pOCfply4AS.csHigh entropy of concatenated method names: 'lC8RysJu1C', 'S31RK4RMY4', 'zRARPqIQ75', 'CtrRoCiM5S', 'TU8RBuDZRE', 'pEfR37q5Ra', 'WqhRgvpsjx', 'j10Rr0UobW', 'KSERYvCKSJ', 'BxyRf1mqUs'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, YE1TvD86GOTMoK2IvF.csHigh entropy of concatenated method names: 'ONMSXappuj', 'ExsSQ9a2Eb', 'ToString', 'mxPSVTM17L', 'YUPSdL4Qbb', 'YGQS6c5i6W', 'zbASHD9SE8', 'vPKS1o9vQ3', 'zmfSRMPBOW', 'dO4SbyGDNY'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, PDiCvsfb6ejVtPyMIm.csHigh entropy of concatenated method names: 'zI9HBkHVty', 'VwdHgdrs76', 'rb56OiCYcj', 'd4G6LoWaoX', 'xp36h2ty3W', 'cYU6cV1h8v', 'yjc6k385Ig', 'OHc6lArN6g', 'pNb6JRfH3m', 'Gx060t1TK5'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, U3aJnNAyjxvuNXfpB7.csHigh entropy of concatenated method names: 'Rbi50mvFhY', 'F3p5DyXArQ', 'Cor5APKcyy', 'gaT5ju92QX', 'zCP5w6dEaI', 'AGf5OA5IXp', 'JyI5LVemRf', 'kan5ht8QoE', 'RqX5cbRfLO', 'qSj5k2ilNy'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, uGGcXnsuiS4C96IwF6.csHigh entropy of concatenated method names: 'iVUP6GjUx', 'VEmo0Q4XW', 'pBB3WjbLN', 'HGUgIsE3G', 'qQxY0Waa4', 'zOPfun3Tg', 'i45ZW7HDAOkALRgqyv', 'YnOxxBtViWGswy6XK2', 'v6d9U2sP0', 'DTXayDJSg'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, og2tfSn7bbFqRJJT83.csHigh entropy of concatenated method names: 'CMZSU7ICbj', 'aU0SNMClY2', 'HF89eSvH8e', 'G3N9iJX0Jd', 'etRSml5RaM', 'KQ2SDjr4gC', 'Td3SGrxvZu', 'lGhSALVMZq', 'Rd7SjJiUuq', 'yKiSxdmpmA'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, RrCa7gGa2ukTykCVmJ.csHigh entropy of concatenated method names: 'PlhMrMLa4M', 'TFvMYKo4Zl', 'B3RMWC795h', 'Of9MwoyNde', 'm6pMLG0d41', 'MggMhdRT1U', 'gGsMklGVkx', 'x6JMl43RHj', 'SbtM06gbyP', 'aKHMmpah57'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, eOEJfRd1Y3s6fSFCHR.csHigh entropy of concatenated method names: 'Dispose', 't7aiEebCrq', 'DwnswpWFqS', 'EqFkke0Gvx', 'HcSiN5KVFP', 'OYfizlBAE3', 'ProcessDialogKey', 'W7BsekbKgR', 'aEjsiIjbq3', 'M8Tss6AqfV'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, qUhJIYwxdKD8uYpSL3.csHigh entropy of concatenated method names: 'AgnSBWSRxfwbCc6wFAS', 'e2nu4KSe3TOZypIMyj9', 'k3219Fm7Qj', 'Vg317mym0h', 'kA51a2TrUD', 'isnWyMS4FAPwe8MSvYl', 'kXVkSFS0KTobfAHXspp', 'cGQebBSXstZ5VkbHrtQ'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, pai03Lie0kAcnCOdgBO.csHigh entropy of concatenated method names: 'EwI7yDhEMD', 'Knm7Kw0WJP', 'bee7PcETP3', 't7C7o2A3u6', 'joH7BIwVNL', 'yxB73TmUc7', 'VpI7gjy8sL', 'EXH7resBxx', 'EV87Yr4ysQ', 'BUc7feOLct'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, l2frKyYYniAiMtor6d.csHigh entropy of concatenated method names: 'Hss6oHQkGA', 'aCs63G4aJ2', 'bsG6r0n8e7', 'JOw6YtmDDJ', 'MDl65yrtt3', 'YCX6q2fh1Q', 'MmU6SHrren', 'c8y69CZFqy', 'VGA670OXq7', 'OM56aVMNoA'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, WpHZM8r9NHXZAFSIAH.csHigh entropy of concatenated method names: 'SVBdACFRrv', 'SYpdjZ71vC', 'dxAdxkhJOD', 'QgBd8mkkkJ', 'tsYd2waKPD', 'Cp5dnZlWFu', 'CiudTTJNtM', 'plQdU53VjL', 'fT3dEZNCUB', 'eRLdNuDv8f'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, aV6TirvMAFLROIWbJr.csHigh entropy of concatenated method names: 'haTiRpHZM8', 'qNHibXZAFS', 'xYniXiAiMt', 'Ar6iQdDDiC', 'zyMi5ImNUG', 'KkuiqIM4IJ', 'A23HZ1snudNB6gmToo', 'LcngF0lLmKLO8favf6', 'yYNii1hiyV', 'stliZDBnCb'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, AkbKgREeEjIjbq3J8T.csHigh entropy of concatenated method names: 'bsn9W6lOAM', 'IST9wJHZo6', 'PfA9OqovQI', 'vw29LUywfT', 'jYm9An2OYp', 'rEr9hkIH46', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, KS5KVFUPmYflBAE3T7.csHigh entropy of concatenated method names: 'oX09VXhx90', 'V4x9dPkpUs', 'vGM96tbuMH', 'aQJ9HFyA6I', 'OVp91tpOlm', 'Y0o9RnBeFN', 'cMk9b0b1mb', 'NOw94GL0i4', 'nZQ9XL3HSr', 'ufo9QniMN0'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, YUGckuWIM4IJl6WIGY.csHigh entropy of concatenated method names: 'Ku81C4LOl5', 'xJf1dKm5Hw', 'YhH1Hf4pLV', 'Xo31RBD74B', 'RYq1b83BXy', 'f0yH27rxGS', 'hJWHnhHqMx', 'xemHTQVK8H', 'dGNHUDqj7c', 'Y9xHEhCAcf'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, i4UX65xjJwDXuCnS2I.csHigh entropy of concatenated method names: 'ToString', 'OuWqmFjY0u', 'fCHqwHAFH9', 'XkeqOfC9r8', 'nx0qLtpcMw', 'HUgqhbqxKR', 'am2qcxOcOh', 'iLOqkKAEgn', 'j2vqlKVq7Z', 'lgQqJhRwib'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, B5aPoNbe8rH3ZAH99d.csHigh entropy of concatenated method names: 'fLPZCrpQWt', 'd7OZVIfxh7', 'm8oZduMsIG', 'YLJZ69DQ2V', 'KCrZHRskGr', 'qKvZ1nFbWw', 'gSqZRYQVUG', 'uHlZbSr0tK', 'uHTZ4a8kTS', 'mIEZXIg4Gm'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, K0MLpszZEXIYZJGfSg.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'k4N7MEJ9Co', 'SE075NgNBI', 'IHZ7qTPw3E', 'jYh7STvlSl', 'fp479170CM', 'O6t77MGgeb', 'dKk7aDViIT'
            Source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4229e80.3.raw.unpack, dFeu1BiZ0M1Y3E01qrP.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vhdaA7tcMu', 'WF7ajkayKf', 'm02axWOTqp', 'Dpta8Hl7w6', 'Ox0a2kKeMJ', 'uFKancCKwi', 'mX4aTKUHdr'
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe File created: \siparis po# dt-te-160924r0 _323282-_563028621286 pdf .exe

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7572, type: MEMORYSTR
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: 3030000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: 3070000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: 5070000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: 9300000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: A300000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: A510000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: B510000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: E00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: 27D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: 2610000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7796
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1881
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Window / User API: threadDelayed 8249
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Window / User API: threadDelayed 1605
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 7596 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7960 Thread sleep time: -4611686018427385s >= -30000s
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8032 Thread sleep count: 37 > 30
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8032 Thread sleep time: -34126476536362649s >= -30000s
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8040 Thread sleep count: 8249 > 30
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8040 Thread sleep count: 1605 > 30
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8032Thread sleep time: -595000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8032Thread sleep time: -594890s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8032Thread sleep time: -594781s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8032Thread sleep time: -594671s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe TID: 8032Thread sleep time: -594562s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Thread delayed: delay time: 922337203685477
            Source: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, 00000004.00000002.4120842104.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllied
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe"
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Process created: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe"
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Queries volume information: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe VolumeInformation
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4121625420.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4121625420.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7572, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7792, type: MEMORYSTR
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

            Remote Access Functionality

            Source: Yara match; File source: 4.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 0.2.Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe.4180458.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4121625420.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4121625420.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7572, type: MEMORYSTR
            Source: Yara match; File source: Process Memory Space: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe PID: 7792, type: MEMORYSTR
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 31 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | 13 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            Source | Detection | Scanner | Label | Link
            Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe | 38% | Virustotal | | Browse
            Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            reallyfreegeoip.org | 0% | Virustotal | | Browse
            checkip.dyndns.com | 0% | Virustotal | | Browse
            checkip.dyndns.org | 0% | Virustotal | | Browse
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            reallyfreegeoip.org | 188.114.97.3 | true | true | | unknown
            checkip.dyndns.com | 193.122.6.168 | true | false | | unknown
            checkip.dyndns.org | unknown | unknown | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            https://reallyfreegeoip.org/xml/8.46.123.33 | false | URL Reputation: safe | unknown
            http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            188.114.97.3 | reallyfreegeoip.org | European Union | | 13335 | CLOUDFLARENETUS | true
            193.122.6.168 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | false
            Joe Sandbox version: 41.0.0 Charoite
            Analysis ID: 1528873
            Start date and time: 2024-10-08 11:12:17 +02:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 8m 7s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 9
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Sample name: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Detection: MAL
            Classification: mal100.troj.spyw.evad.winEXE@6/6@2/2
            EGA Information:
            • Successful, ratio: 50%
            HCA Information:
            • Successful, ratio: 99%
            • Number of executed functions: 324
            • Number of non-executed functions: 27
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe, PID 7792 because it is empty
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtCreateKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            Time | Type | Description
            05:13:10 | API Interceptor | 10409000x Sleep call for process: Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe modified
            05:13:11 | API Interceptor | 11x Sleep call for process: powershell.exe modified
            Process: C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            File Type: ASCII text, with CRLF line terminators
            Category: dropped
            Size (bytes): 1216
            Entropy (8bit): 5.34331486778365
            Encrypted: false
            SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5: 1330C80CAAC9A0FB172F202485E9B1E8
            SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious: true
            Reputation: high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:data
            Category:dropped
            Size (bytes):1172
            Entropy (8bit):5.354777075714867
            Encrypted:false
            SSDEEP:24:3gWSKco4KmBs4RPT5jKRBmFoUebIKo+mZ9t7J0gt/NKIl9r+q:QWSU4y4RdymFoUeW+mZ9tK8ND3
            MD5:42030D7643AE360417BA0DC2C14635F4
            SHA1:89F9DBC8A222A95BD9D11F92BCD7DD713AA80CFF
            SHA-256:BA9EA24038674AD3030EDD9BBFBA8287A4E2F55447B9B3C0DC5749AD37DCF70F
            SHA-512:662448F963892AB9E3C64FED7F1C108D44F0613018A1CF34243578F5D7DBEBEDC1DF64CD4C501613BBF714D5CCA35B223127476B90F198874364E5A2D1679643
            Malicious:false
            Reputation:low
            Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...<...............i..VdqF...|...........System.Configuration@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Reputation:high, very likely benign file
            Preview:# PowerShell test file to determine AppLocker lockdown mode
            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.666086834331196
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Generic Win/DOS Executable (2004/3) 0.01%
            File name:Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            File size:594'432 bytes
            MD5:07b38f706695cb1f231f67f955744eb3
            SHA1:b6060e8e74d3b38443d34d30993e6cfb08552272
            SHA256:f45af8f50fd6e0ce6ccffb8aa16d0fe0b11d9db564c3d22a6789ed68ec36933f
            SHA512:7640e7366762e1c2acd1aedc4e9199b7009379931c89748b84196946237af4b2ea9b10843e63fff6205e212a046f06488197fe16fd28577fbb70c2d436917c26
            SSDEEP:12288:ynCCg3eWoS2Ro9npcS3RkMSS2egz8l/wCqrSmE:/eWQo9OFS2egQ/4E
            TLSH:A6C4F16C5A1AE613C95A17B41E72F2B427784DEEB902D3075FD87DEFB93AB144800293
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ... ....@.. .......................`............@................................
            Icon Hash:0133616706060606
            Entrypoint:0x491496
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x89C6A715 [Wed Apr 1 10:38:13 2043 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x91442 | 0x4f | .text
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x92000 | 0x1714 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x94000 | 0xc | .reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8edd0 | 0x70 | .text
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x2000 | 0x8f49c | 0x8f600 | f968168c5329065b6f1138100fd2bdca | False | 0.8948343504795118 | data | 7.696224910262157 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc | 0x92000 | 0x1714 | 0x1800 | 354663248d595064a14dbf30ea6f1ea6 | False | 0.22281901041666666 | data | 3.1472285512584817 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc | 0x94000 | 0xc | 0x200 | cc98480675bd8ee75b9793a3c30f0c49 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
            RT_ICON | 0x92130 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 |  |  | 0.13813320825515948
            RT_GROUP_ICON | 0x931d8 | 0x14 | data |  |  | 1.1
            RT_VERSION | 0x931ec | 0x33c | data |  |  | 0.42995169082125606
            RT_MANIFEST | 0x93528 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
            DLL | Import
            mscoree.dll | _CorExeMain
            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
            2024-10-08T11:13:13.416396+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | TCP
            2024-10-08T11:13:14.978897+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | TCP
            2024-10-08T11:13:15.494617+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49736 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:16.214422+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP
            2024-10-08T11:13:16.777101+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:18.028378+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49741 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:19.494849+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49743 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:22.297354+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP
            2024-10-08T11:13:23.938037+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49749 | 188.114.97.3 | 443 | TCP
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Oct 8, 2024 11:13:12.488612890 CEST | 59742 | 53 | 192.168.2.4 | 1.1.1.1
            Oct 8, 2024 11:13:12.496121883 CEST | 53 | 59742 | 1.1.1.1 | 192.168.2.4
            Oct 8, 2024 11:13:13.532962084 CEST | 59968 | 53 | 192.168.2.4 | 1.1.1.1
            Oct 8, 2024 11:13:13.541733027 CEST | 53 | 59968 | 1.1.1.1 | 192.168.2.4
            Oct 8, 2024 11:13:29.909604073 CEST | 53 | 58028 | 1.1.1.1 | 192.168.2.4
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Oct 8, 2024 11:13:12.488612890 CEST | 192.168.2.4 | 1.1.1.1 | 0x81c4 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
            Oct 8, 2024 11:13:13.532962084 CEST | 192.168.2.4 | 1.1.1.1 | 0x40a7 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Oct 8, 2024 11:13:12.496121883 CEST | 1.1.1.1 | 192.168.2.4 | 0x81c4 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
            Oct 8, 2024 11:13:12.496121883 CEST | 1.1.1.1 | 192.168.2.4 | 0x81c4 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
            Oct 8, 2024 11:13:12.496121883 CEST | 1.1.1.1 | 192.168.2.4 | 0x81c4 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
            Oct 8, 2024 11:13:12.496121883 CEST | 1.1.1.1 | 192.168.2.4 | 0x81c4 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
            Oct 8, 2024 11:13:12.496121883 CEST | 1.1.1.1 | 192.168.2.4 | 0x81c4 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
            Oct 8, 2024 11:13:12.496121883 CEST | 1.1.1.1 | 192.168.2.4 | 0x81c4 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
            Oct 8, 2024 11:13:13.541733027 CEST | 1.1.1.1 | 192.168.2.4 | 0x40a7 | No error (0) | reallyfreegeoip.org |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
            Oct 8, 2024 11:13:13.541733027 CEST | 1.1.1.1 | 192.168.2.4 | 0x40a7 | No error (0) | reallyfreegeoip.org |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
            • reallyfreegeoip.org
            • checkip.dyndns.org
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            TimestampBytes transferredDirectionData
            Oct 8, 2024 11:13:12.523521900 CEST151OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Oct 8, 2024 11:13:13.157886028 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:13 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: bd73b609524c7156e7ab95ed3bbd066f
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Oct 8, 2024 11:13:13.164350986 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Oct 8, 2024 11:13:13.365354061 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:13 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 442a1e27fa15d8bfb741bc95a6c3e6c9
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Oct 8, 2024 11:13:14.590922117 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Oct 8, 2024 11:13:14.778429031 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:14 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 40242a9b05514b39ce32318e031c3ef6
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            Oct 8, 2024 11:13:15.504175901 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Oct 8, 2024 11:13:16.163616896 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:16 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 2d4c2c365600fd72d62dc21bb7f1795c
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.4 | 49740 | 193.122.6.168 | 80 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            Oct 8, 2024 11:13:16.786845922 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Oct 8, 2024 11:13:17.417627096 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:17 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: e7f3ba10f9f368008adbc56ba9436a4e
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.4 | 49742 | 193.122.6.168 | 80 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            Oct 8, 2024 11:13:18.039757967 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Oct 8, 2024 11:13:18.828223944 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:18 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 786cf5d0e8b0e23fbb32d331d1874d51
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.4 | 49744 | 193.122.6.168 | 80 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            Oct 8, 2024 11:13:19.513283014 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Oct 8, 2024 11:13:20.140796900 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:20 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: a18aee74c6a508b35bbfcc07bf2c91d4
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.4 | 49746 | 193.122.6.168 | 80 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            Oct 8, 2024 11:13:20.742973089 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Oct 8, 2024 11:13:21.377439022 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:21 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 513ba3320003eb8410d74f26f4810889
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.4 | 49748 | 193.122.6.168 | 80 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            Oct 8, 2024 11:13:22.307267904 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Oct 8, 2024 11:13:22.935429096 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:22 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: f06466b7fd4961fa7d2758193c2467bd
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            2024-10-08 09:13:14 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-10-08 09:13:14 UTC | 674 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:14 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 45126
            Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CH7hgDJIXY3WwDk1VQnSaMPltmme%2B9ZCrJbGHuz0TzjXhRSJGZhAbr5CgSZoG1m%2FfvJ3mSELhVcJ7jhCsRGEKZ7NVzNUbGV4dSjzKPnSIP1xGsldOMUMNbauZ1CfH4UuGVRhPCpS"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8cf50389bf991a0f-EWR
            2024-10-08 09:13:14 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-10-08 09:13:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49736 | 188.114.97.3 | 443 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            2024-10-08 09:13:15 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-10-08 09:13:15 UTC | 674 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:15 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 45127
            Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZMAb5ZyRPQ1bcGV5FfRaMrnTLJEGpgEMp%2Fqjc3wlSCEhePnsA1FrOwXnkM6sOkimiPVEhql8BOJOUUYTlHYaLWseKcNq%2FQk6kaGODlCv1AH5j88Hc9k3mDfly8hASkIxdOgeRT6s"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8cf5038f7ba71875-EWR
            2024-10-08 09:13:15 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-10-08 09:13:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            2024-10-08 09:13:16 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-10-08 09:13:16 UTC | 678 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:16 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 45128
            Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q0rg8fFjgKgtmHBR0E82ZgPsujhhuoMUb9P9LrFANjAOIRuJ6geZ%2BB4vx5l%2FP7vg3lEJ9UhgGOZjMW9PQxitWD3LGGNpLgOJGdA%2FWCBLFHVUzr57I1ULUHee%2Bn1n4Li6rS6H64oR"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8cf503977dec42a5-EWR
            2024-10-08 09:13:16 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-10-08 09:13:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.4 | 49741 | 188.114.97.3 | 443 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            2024-10-08 09:13:17 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-10-08 09:13:18 UTC | 714 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:17 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 45129
            Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xR6drCZc6X5SItUdH1RzqZaUUw0dS4uARpzgJj9EzaN6xQEmYHs6%2FlVrOAReEt8WqkFMJC2wkshvCWV6wBtRn5ZosrnflMGPhea%2BI%2Fc7%2F8zTAHp3RLkDvr%2B1x%2B2G6TKgyDL2jq%2Bw"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8cf5039f58b91861-EWR
            alt-svc: h3=":443"; ma=86400
            2024-10-08 09:13:18 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-10-08 09:13:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.4 | 49743 | 188.114.97.3 | 443 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            2024-10-08 09:13:19 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-10-08 09:13:19 UTC | 672 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:19 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 45131
            Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9m5HRiGmbCVChQeUvV6ZqT4SLelarZumn5UTAI5kB4Z6Z3COl1MAzEejpMuWHVoFvuXIrzXlFHbHmTL7s5EdyLAwldeX64u4rXtXY2DqnhACIKy%2FNmDsxY3Dn5FbhpQbXC4pBgIT"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8cf503a86c568cda-EWR
            2024-10-08 09:13:19 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-10-08 09:13:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.4 | 49745 | 188.114.97.3 | 443 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            2024-10-08 09:13:20 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-10-08 09:13:20 UTC | 688 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:20 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 45132
            Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vNma5%2FaU8F4x4QN%2Fqm9wlISdXoDf%2F%2FnRYreq69J6HB%2BHNUwI4QXDDSh127HWSF6neP1MU%2FlP3Tdsuzx0%2FCEQEDtPNwbJpKE2Cg7VyR81SeO0uNi8fqx2%2FpzXpPiUKMFTs2%2FPfZWq"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8cf503b03f3b43a4-EWR
            2024-10-08 09:13:20 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-10-08 09:13:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            2024-10-08 09:13:21 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-10-08 09:13:22 UTC | 682 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:22 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 45134
            Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ne80JwPxgiASdv404Jj4i%2BUBDY4K8uf26Y%2FuecgiEdomdvq2Y8iOWj3oa0e6Sv%2FQLS37EP4Hmj1TGuQncc01aQN6ljlGlwh%2F0AQq3AC8ZkJgi2xkS%2B25RnqFhIn1yMRZrRxi%2BTiy"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8cf503b9fa497cfa-EWR
            2024-10-08 09:13:22 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-10-08 09:13:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            7 | 192.168.2.4 | 49749 | 188.114.97.3 | 443 | 7792 | C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Timestamp | Bytes transferred | Direction | Data
            2024-10-08 09:13:23 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-10-08 09:13:23 UTC | 674 | IN | HTTP/1.1 200 OK
            Date: Tue, 08 Oct 2024 09:13:23 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 45135
            Last-Modified: Mon, 07 Oct 2024 20:41:08 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F4dl4v0orYuNohw9rxUCpjp9vpqwM4TJEHIjNV3SVONSKEFDZukj4VKhqfP9aXDSgGIMRFqzmKg0jYAJxbBCYmpGei%2Fwzw9C%2BoDaXMRqg0WfhDP7zsIoaMEsvD6afuK0V3DYt1rE"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 8cf503c44da40f79-EWR
            2024-10-08 09:13:23 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-10-08 09:13:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Target ID:0
            Start time:05:13:07
            Start date:08/10/2024
            Path:C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe"
            Imagebase:0xc10000
            File size:594'432 bytes
            MD5 hash:07B38F706695CB1F231F67F955744EB3
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1726636801.0000000004160000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
            Reputation:low
            Has exited:true

            Target ID:2
            Start time:05:13:10
            Start date:08/10/2024
            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe"
            Imagebase:0xc20000
            File size:433'152 bytes
            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:3
            Start time:05:13:10
            Start date:08/10/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff7699e0000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:4
            Start time:05:13:10
            Start date:08/10/2024
            Path:C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .exe"
            Imagebase:0x520000
            File size:594'432 bytes
            MD5 hash:07B38F706695CB1F231F67F955744EB3
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000004.00000002.4120202691.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.4121625420.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.4121625420.00000000027D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:false


              Execution Graph

              Execution Coverage:12.2%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:0%
              Total number of Nodes:45
              Total number of Limit Nodes:3

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: Hbq$Hbq$Hbq
              • API String ID: 0-2297679979
              • Opcode ID: f9b8b3731fa3c645da69655f60a306815bbba7dff6a3d50184d1f30f6bc830c4
              • Instruction ID: 0f78d47fb625236a4e5ffcd9cf802ecaae15f56d7df3b08812c035de5f30e7cd
              • Opcode Fuzzy Hash: f9b8b3731fa3c645da69655f60a306815bbba7dff6a3d50184d1f30f6bc830c4
              • Instruction Fuzzy Hash: 1941BE71344A408BC719AB79811453F7AEBAFC4280B6848ADD946CB7D0EF78DC03C756

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: Hbq$Hbq
              • API String ID: 0-4258043069
              • Opcode ID: 9ee0556743bb4eb6b630c8e1af919a04c8042ecabc8031c16894e17d003fbeb9
              • Instruction ID: 9b6661d241bc06cc40ca4ffe3b96b98c9a29f27df1d6c7f3f1271e4a06dfc17c
              • Opcode Fuzzy Hash: 9ee0556743bb4eb6b630c8e1af919a04c8042ecabc8031c16894e17d003fbeb9
              • Instruction Fuzzy Hash: F9E1A174A003589FCB15DF78C8546AEBBF6FF89300F1485AAE849A7351EB309D46CB91

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: Te^q$Te^q
              • API String ID: 0-3743469327
              • Opcode ID: 92b654ec0ed4508f33410352f087f9ea0c28247b0d7f00a83e0885e0dc824722
              • Instruction ID: 32b2859f3c0e3d85c10f6dc05e3648b8ae39b39d300a9181d7f0919e2607f05f
              • Opcode Fuzzy Hash: 92b654ec0ed4508f33410352f087f9ea0c28247b0d7f00a83e0885e0dc824722
              • Instruction Fuzzy Hash: 1D7188B4E053499FEB04CFA9D8846EDBBB2BF8A340F14C16AE448AB365D7345805CF51

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: Te^q$Te^q
              • API String ID: 0-3743469327
              • Opcode ID: a4fcfc6355064b2385c04aa6474fe867305d504cd0032e06e9f632dbf72ca83f
              • Instruction ID: 9cac9154cffca6821b988051444b77b65df0add0fcca77976a27e32b102357f6
              • Opcode Fuzzy Hash: a4fcfc6355064b2385c04aa6474fe867305d504cd0032e06e9f632dbf72ca83f
              • Instruction Fuzzy Hash: 0561F6B4E05209DFEB08CFA9C984AEDBBF6BF89341F10912AD419AB354DB345905CF50

              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: 8bq$8bq
              • API String ID: 0-1276831224
              • Opcode ID: d9c836f1c263b72f65f45b60fc7bcb4ed881321d91caa374cac5c7c843500234
              • Instruction ID: e245b3f2538422c542f402dbb84516a5ce0828e42a464fa71ceb8354b723deb2
              • Opcode Fuzzy Hash: d9c836f1c263b72f65f45b60fc7bcb4ed881321d91caa374cac5c7c843500234
              • Instruction Fuzzy Hash: 1D213D74B50204EFE7449F7CD80467A7BBAEBC9391F184A39D606DB385DE708D418B92

              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 0303B11E
              Memory Dump Source
              • Source File: 00000000.00000002.1724883069.0000000003030000.00000040.00000800.00020000.00000000.sdmp, Offset: 03030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_3030000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 6b014d9073e0233766601fd09aa94a72376cd5ae42873ad141566d1715f2cdf2
              • Instruction ID: eedb8fa1d1b3ea1b72dd39ea32d43cc6cf07816cfb325e2e69130d1475aa4297
              • Opcode Fuzzy Hash: 6b014d9073e0233766601fd09aa94a72376cd5ae42873ad141566d1715f2cdf2
              • Instruction Fuzzy Hash: F38145B0A01B058FD764DF69D04479ABBF9FF89304F04896EE09ADBA50D735E845CB90

              Memory Dump Source
              • Source File: 00000000.00000002.1729185015.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7760000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f358073e93ff2fef689450335b144dc4121e068986fbacdd7b834e6773eede6
              • Instruction ID: 1910c5cd3763087dc4f9ce4b402053685d39e98b32f1c251466dd0007600e83a
              • Opcode Fuzzy Hash: 7f358073e93ff2fef689450335b144dc4121e068986fbacdd7b834e6773eede6
              • Instruction Fuzzy Hash: 2B3109B1A402418FCB109F29D448AADFFE2EFC6350F1A84AAD849FB366C635DC45CB50

              APIs
              • CreateActCtxA.KERNEL32(?), ref: 030359D9
              Memory Dump Source
              • Source File: 00000000.00000002.1724883069.0000000003030000.00000040.00000800.00020000.00000000.sdmp, Offset: 03030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_3030000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 063d26ac060b39de61c80f2db8bbc6445e5aaaf15d7e247e1024118b356d4840
              • Instruction ID: 52eb93315b81544dfd843416461c91ff9926435ef75716902d62b187374a9523
              • Opcode Fuzzy Hash: 063d26ac060b39de61c80f2db8bbc6445e5aaaf15d7e247e1024118b356d4840
              • Instruction Fuzzy Hash: BA41F2B1C01619CEDB24CFA9C9847CEBBF5BF49304F24809AD408AB265DB756946CF90

              APIs
              • CreateActCtxA.KERNEL32(?), ref: 030359D9
              Memory Dump Source
              • Source File: 00000000.00000002.1724883069.0000000003030000.00000040.00000800.00020000.00000000.sdmp, Offset: 03030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_3030000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 7a6d3a04b3029e159d079173e463a9962f43145012086f666ac8e1342d47538a
              • Instruction ID: b7b3dbca3c57726b8205fa411aaed475ea260e3882cee0c938ed63c94d77b3bf
              • Opcode Fuzzy Hash: 7a6d3a04b3029e159d079173e463a9962f43145012086f666ac8e1342d47538a
              • Instruction Fuzzy Hash: 3441D2B0C0161DCFDB24CFA9C884B9EBBF9BF49304F24809AD508AB265DB756945CF90
              APIs
              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 056C6837
              Memory Dump Source
              • Source File: 00000000.00000002.1728017208.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_56c0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: DrawText
              • String ID:
              • API String ID: 2175133113-0
              • Opcode ID: fe5fb7fd9f6461c10484e4494692b8345b600fc6f6376758a805aaac310b513f
              • Instruction ID: 20e79495c01910c841e0f86d98552405775e396f5a9a5227fbb8fbd612b5d7fd
              • Opcode Fuzzy Hash: fe5fb7fd9f6461c10484e4494692b8345b600fc6f6376758a805aaac310b513f
              • Instruction Fuzzy Hash: C721C0B5D012499FDB10CF9AD884AEEBBF5FB48320F14842EE819A7310D775A944CFA4
              APIs
              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 056C6837
              Memory Dump Source
              • Source File: 00000000.00000002.1728017208.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_56c0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: DrawText
              • String ID:
              • API String ID: 2175133113-0
              • Opcode ID: 72efce32f9e578082db9d0ecd3b983aa02048b5d81224405ccfd552f1c3cf9d2
              • Instruction ID: 1391676ed0bcaa923b617e7ce8ddf052591404321cabb51cc1ae104743b4df9e
              • Opcode Fuzzy Hash: 72efce32f9e578082db9d0ecd3b983aa02048b5d81224405ccfd552f1c3cf9d2
              • Instruction Fuzzy Hash: 9921C0B59012499FDB10CF9AD884AEEBBF5FB48320F14842EE819A7310D775A944CFA4
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0303D76E,?,?,?,?,?), ref: 0303D82F
              Memory Dump Source
              • Source File: 00000000.00000002.1724883069.0000000003030000.00000040.00000800.00020000.00000000.sdmp, Offset: 03030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_3030000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 11e652dbe3b983a051d9d7efe75c2fc0ba0a203132c75cd31cb9a31147af96c8
              • Instruction ID: ea38c706540877499bbe771f62455438f7a13e0b2ac0710f12571bb0401922b6
              • Opcode Fuzzy Hash: 11e652dbe3b983a051d9d7efe75c2fc0ba0a203132c75cd31cb9a31147af96c8
              • Instruction Fuzzy Hash: 4D21E6B5901208DFDB10CF9AD584ADEFBF9FB48310F14841AE918A7310D374A944CFA4
              APIs
              • SetTimer.USER32(?,03056428,?,?,?,?,?,?,0776A0B0,00000000,00000000,?), ref: 0776A25D
              Memory Dump Source
              • Source File: 00000000.00000002.1729185015.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7760000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: Timer
              • String ID:
              • API String ID: 2870079774-0
              • Opcode ID: 1005f6e93c5ad8d2f95a8f9b49c958a2b24010f84578970465afa8c1f6743df8
              • Instruction ID: aa7fb541a4fbb611b488dcdf013f3bbdc7e2a70bffc135a1c9ae3975470dd75b
              • Opcode Fuzzy Hash: 1005f6e93c5ad8d2f95a8f9b49c958a2b24010f84578970465afa8c1f6743df8
              • Instruction Fuzzy Hash: AB21B0B18083899FCB11CF99C844BCEBFF4AF09310F14849AD458A7252C379A544CFA1
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0303D76E,?,?,?,?,?), ref: 0303D82F
              Memory Dump Source
              • Source File: 00000000.00000002.1724883069.0000000003030000.00000040.00000800.00020000.00000000.sdmp, Offset: 03030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_3030000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 3b3d20a7ba4872cbd7247a1fddf8235592af2d88481f3f68320e7d9c41ebe56f
              • Instruction ID: 24342e497a4dbe2c9213d04329a5ae444d7ae04723deffa05ebe4e289101a8b9
              • Opcode Fuzzy Hash: 3b3d20a7ba4872cbd7247a1fddf8235592af2d88481f3f68320e7d9c41ebe56f
              • Instruction Fuzzy Hash: B821E2B5901208DFDB10CFA9D585ADEBBF9FB48320F14842AE958A3310D379A944CFA4
              APIs
              • SetTimer.USER32(?,03056428,?,?,?,?,?,?,0776A0B0,00000000,00000000,?), ref: 0776A25D
              Memory Dump Source
              • Source File: 00000000.00000002.1729185015.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7760000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: Timer
              • String ID:
              • API String ID: 2870079774-0
              • Opcode ID: 75de81807c9665bca303716827c9f070055fdae0ac56073c4edab7affb01f9f7
              • Instruction ID: 81103ffde8b9031727ecff921b39d2f75bdbe0287d73d8f99bc3ad7205d63a33
              • Opcode Fuzzy Hash: 75de81807c9665bca303716827c9f070055fdae0ac56073c4edab7affb01f9f7
              • Instruction Fuzzy Hash: 0711F5B58003499FDB10DF99D489BDEBBF9FB48320F10845AE958B7200C375A944CFA5
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 0303B11E
              Memory Dump Source
              • Source File: 00000000.00000002.1724883069.0000000003030000.00000040.00000800.00020000.00000000.sdmp, Offset: 03030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_3030000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID: HandleModule
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b002467ecbc7514163bb8fe3dac1bf71a6ad74782bac23eb964eaa038e39e5b1
              • Instruction ID: 66f37ed2b3c9a2c700755145e8aefaae0175c5d996a803f3f7d955d65367b3a7
              • Opcode Fuzzy Hash: b002467ecbc7514163bb8fe3dac1bf71a6ad74782bac23eb964eaa038e39e5b1
              • Instruction Fuzzy Hash: 0941B4F1E14257DFCF02AFA5C8596F97BB1AF452C0F504866DC42A72B5EBB48A10CB81
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13b96504eedf92f71a4c2db9413870b4ca6caa8ce99de9be13dc104e0d69e377
              • Instruction ID: a5917bb6009b9cc8f6ea12f3bd1610e1dc1a05c872c272df43e273f7b7dbce01
              • Opcode Fuzzy Hash: 13b96504eedf92f71a4c2db9413870b4ca6caa8ce99de9be13dc104e0d69e377
              • Instruction Fuzzy Hash: 05416C70A012099FDB04DFA8D854AADBBB2FFC9350F158669E401BB3A1DB70DC41CB51
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f5a36ad596524a5eb30605e739deaf7a97e7281c41abd3d79071ae1398da96c
              • Instruction ID: 39b0dedc4f26b2e3b350fccb2e867eb81acbedf3b878a15cdfee675b902988f7
              • Opcode Fuzzy Hash: 3f5a36ad596524a5eb30605e739deaf7a97e7281c41abd3d79071ae1398da96c
              • Instruction Fuzzy Hash: 2E41C4B0D15208EFDB08DFA9C59455EBBB2FF80305F24DAAAD0165B365D734CA09CB82
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c2a8409d353da412caebae09cd7ddd7a26f86ccf5983fe2150e651481e77abec
              • Instruction ID: dda15a46c22d9d82d2334ac0e1a6a49f11dc2849754cc9fec07ca3f93e1fcc59
              • Opcode Fuzzy Hash: c2a8409d353da412caebae09cd7ddd7a26f86ccf5983fe2150e651481e77abec
              • Instruction Fuzzy Hash: BA418F71A00309CFCB24DF68C8446D9B7B5FF89340F1486AAD949AB251DB70AE84CF90
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 02c88aed298ca84d7390966ba2e13047dafe06c73c8324db6c09549bee629749
              • Instruction ID: 5ce25c291fc6bf7527230fb2ba54ef08c5e97270523150bd82ea7187c5f09b93
              • Opcode Fuzzy Hash: 02c88aed298ca84d7390966ba2e13047dafe06c73c8324db6c09549bee629749
              • Instruction Fuzzy Hash: 2441F7B1905348CFCB11EFA8C954AEE7BB1FF46340F04896ED445AB260DB74A949CBA1
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6b98039700c8f277eb0367c3389dd4923c671f6800ad78a81712762de078643c
              • Instruction ID: c52925c1320d86254d18a09f3ab435ec87a344c6e07638d538889f121b3aade9
              • Opcode Fuzzy Hash: 6b98039700c8f277eb0367c3389dd4923c671f6800ad78a81712762de078643c
              • Instruction Fuzzy Hash: DF4179B0E04218DFEB119FA5D9848ADFFB2FF84340F228169D4057B256CB7188A1CF45
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2297f774534f16029468b7387435867eebe2d368bd0cfe5837ea3fa9071fe24c
              • Instruction ID: b3dce9d1aa9db53c683404c0dd30549e6b7aa4b41db551c9d6c589fae5503a3f
              • Opcode Fuzzy Hash: 2297f774534f16029468b7387435867eebe2d368bd0cfe5837ea3fa9071fe24c
              • Instruction Fuzzy Hash: 9931F2B07193844FE712977898293293FF1AB87251F094AABE042CB2E7CD788C45C762
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4574820d8fa5f3f16ca75aa89d84bc743cf600227bd357e800f6c055c2285d76
              • Instruction ID: 155a970c65955de95a0efb1b51b07b94e2f5b4184be86e0ac636e4951688be38
              • Opcode Fuzzy Hash: 4574820d8fa5f3f16ca75aa89d84bc743cf600227bd357e800f6c055c2285d76
              • Instruction Fuzzy Hash: 90315EB1900209AFCF10DFA9D844ADEBFF5FB49394F10842AE909E7220D775A944CFA5
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6712502af6916818f5a0e4c7ed34f5576062d47971d0d43ccebfa3a5d1b39282
              • Instruction ID: ac0ecf7f5bba02601fc655377059f44e138279abde2b87603b6afe3ac640b73f
              • Opcode Fuzzy Hash: 6712502af6916818f5a0e4c7ed34f5576062d47971d0d43ccebfa3a5d1b39282
              • Instruction Fuzzy Hash: E43191B0B11209DFDB54EB68D548AAE7BF5FF88340F148469E80AE7240DF74D901CB51
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f7016107af7900f6b3f3e6f5ca09540ea860f50594eb28a82e2f4a0dca9e821
              • Instruction ID: 9acbe44d262bface157a23030576725115bb3fd9777526ffcd1686b1bf17a1b1
              • Opcode Fuzzy Hash: 3f7016107af7900f6b3f3e6f5ca09540ea860f50594eb28a82e2f4a0dca9e821
              • Instruction Fuzzy Hash: 393182B1E00219EFDB14EFA8D4445AEBBB6FFC4350F10866AE405AB324DBB19845CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b5bf501767b34697802040e670b7b4b7f6b336791f7696276bcbff979f3dd8d8
              • Instruction ID: 451f0a54e90be599b111e69928fc83e6323addb43c50ebb09944b7567dc38e6c
              • Opcode Fuzzy Hash: b5bf501767b34697802040e670b7b4b7f6b336791f7696276bcbff979f3dd8d8
              • Instruction Fuzzy Hash: 6C317AB1900259AFCB11CF98C884AEEBFF5FF49324F14846AF914A7260C775A954CFA1
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e59bcba84915e95b8f6e1c064445669848dad2def9ffab409a3365d7d2fcc36a
              • Instruction ID: c4da61234ba61ef976442a8c6bb258a527e2ad00fd64f1ad9522056b6705acc0
              • Opcode Fuzzy Hash: e59bcba84915e95b8f6e1c064445669848dad2def9ffab409a3365d7d2fcc36a
              • Instruction Fuzzy Hash: 7731E4B5B01282AFEB28DF68D9086AD7BF2BFC5340F14466DE405D3281CFB58804CB55
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 980d688a848feea6e19e39c644fda2a6d6161303f60fe966fb894263c772af63
              • Instruction ID: 83d6e3131bd9f9052df0f64a995103e9b47c21d9635d5fa164c5423d1160b381
              • Opcode Fuzzy Hash: 980d688a848feea6e19e39c644fda2a6d6161303f60fe966fb894263c772af63
              • Instruction Fuzzy Hash: 2D317CB5A001098FCB10DFA8C944AEDBBF1FF49210F258AAAD505EB361DB759E00CF60
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 85f9ab6252e2cc153199d9f5ca51de94c5aecd74d540d105d3d8722540b7aa02
              • Instruction ID: 1847868eec382169cdf32671224854fe97053f9f0e4f43302f84d1f327559ec7
              • Opcode Fuzzy Hash: 85f9ab6252e2cc153199d9f5ca51de94c5aecd74d540d105d3d8722540b7aa02
              • Instruction Fuzzy Hash: 79310075E006199FCB05DFADD8848AEFBF5FF89310710816AE919EB321D7309915CBA1
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b6f6b9c745a09a26d8b38509fcb35447eec2219f04c3f33cd377a707f8bbd56f
              • Instruction ID: 7081bfe9aa22ed4a45304ae4f1ffd2af3ed06e2e9b4fb835aacbe11dd1350228
              • Opcode Fuzzy Hash: b6f6b9c745a09a26d8b38509fcb35447eec2219f04c3f33cd377a707f8bbd56f
              • Instruction Fuzzy Hash: FE312A75A106199FCF04EF68C884CDDBBB5FF89314B0186A9E505AB364EB70A949CB90
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a427971eb35ed100189a92c226a376c09be6a79aa8815db59b08d0d20034ba5
              • Instruction ID: a0fe3541d0e77b94e8334d8cbe2649d77a6258bc3491d5c0bb2e57209acc0465
              • Opcode Fuzzy Hash: 3a427971eb35ed100189a92c226a376c09be6a79aa8815db59b08d0d20034ba5
              • Instruction Fuzzy Hash: 532133F57042058BCB14AB78A4146BD77E6EFC56E1B0844BADC05CB362CFB49C0187D6
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff449c67e50c5c4b576aee1035b0252fca08c0d3c62cd4c3853091b5784ebaa5
              • Instruction ID: c61d7ab58dbe01725404563b3cab48f913a4593412b4ccbaaa363430157e39d0
              • Opcode Fuzzy Hash: ff449c67e50c5c4b576aee1035b0252fca08c0d3c62cd4c3853091b5784ebaa5
              • Instruction Fuzzy Hash: 882138B67007114FEB38CB28C4915BE7BE6EBC4354B28886AD542D7754C678ED81C7A1
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 938cca0cf6bd49ec0015a1aa8bbbb317f3d103254d54dc74bff3ff5eb9dfc789
              • Instruction ID: ebd11a45df0f35e167ed04d726fac2fe45fd26775a7b3cbb7d71276eac7dd302
              • Opcode Fuzzy Hash: 938cca0cf6bd49ec0015a1aa8bbbb317f3d103254d54dc74bff3ff5eb9dfc789
              • Instruction Fuzzy Hash: F0310835A106199FCF04EF68C884CDDFBB6FF89314B0186A9E5056B364EB70B949CB90
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5619839dd3e1a987fd2bb1ab42d5d8136a4d944d1286ecf6c80eb00428e36bee
              • Instruction ID: f3fcdcc42bc080f14146601c088f15ad7716a41c47a4351671c8f1636db9dce2
              • Opcode Fuzzy Hash: 5619839dd3e1a987fd2bb1ab42d5d8136a4d944d1286ecf6c80eb00428e36bee
              • Instruction Fuzzy Hash: BA316CB0A40205EFEB10DF64C898BAEBBF6FF89740F108D1DE4169B690EB759901CB50
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9c3e481bd2098a822a85fbe4d217611786c3ed55f5b24d0bdbcd42502c1ec59
              • Instruction ID: 05bdc3e8276887081b51ea3ecde8797cd8f34f753bb5e1bbbf317fde95511c89
              • Opcode Fuzzy Hash: e9c3e481bd2098a822a85fbe4d217611786c3ed55f5b24d0bdbcd42502c1ec59
              • Instruction Fuzzy Hash: 75314335A10609DFCB04EFA8D894CEDBBB5FF89300F018699E5057B264FB70A949CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cec2e90d4488385255f6dbeb8c5f733c5731875afefdbae3f767ed8b3a553465
              • Instruction ID: 82df10c41f0ee962d0c29920676887f7fe9b385d5bfa6c361d522fa2b7d0577c
              • Opcode Fuzzy Hash: cec2e90d4488385255f6dbeb8c5f733c5731875afefdbae3f767ed8b3a553465
              • Instruction Fuzzy Hash: D4317F71E10619DFCF14EFA9D85499DBBB6FF88350F10852AE405AB320DBB09985CF91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5758e5e5cc17bf9eaed39eb2e7bca7369efc280c0d4b97dc04cd06db0eb37af
              • Instruction ID: 796d292b94b0515bbfab3f8a96770414a52b5aafad76c321b3b4b352d9c36747
              • Opcode Fuzzy Hash: f5758e5e5cc17bf9eaed39eb2e7bca7369efc280c0d4b97dc04cd06db0eb37af
              • Instruction Fuzzy Hash: 4821B5B0E10216C7CF126B64C8941BABF70EF42280F528A79C846B7244EB75E911CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb7cd57cb7fd658475cbc46d396f0b39d4f9aaf9e4a65c7e547ae9415a18e622
              • Instruction ID: e3d09c2615f5e90045c1267eafb1b13f22f918c3cf2269e5f5b22cdf56df2620
              • Opcode Fuzzy Hash: eb7cd57cb7fd658475cbc46d396f0b39d4f9aaf9e4a65c7e547ae9415a18e622
              • Instruction Fuzzy Hash: 2B31E5B5A10605CFDB04EF64C854AEDBFB6FF89340F048959D906AB360EBB4A945CF80
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24691b947c69c45779dfe3221fdd53d1d31572bd2369956800b45db55dc5d23b
              • Instruction ID: 9f1efde9f31f87be964cf5f0c6262bfa9a566fb22964db90d0da49fae491a818
              • Opcode Fuzzy Hash: 24691b947c69c45779dfe3221fdd53d1d31572bd2369956800b45db55dc5d23b
              • Instruction Fuzzy Hash: 2F31B2B6E00219AFCF01DFA8D9809EEBBB6FF4C350B14452AE914A3220D7719955DF91
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b1d0c3a15687080feb2ae883695dc62dba1db69c5617bd355d7aa1579204a41b
              • Instruction ID: 76db628ef7839dde0b2c703efd6778473d1c61773fff73d512b982cd669b6f44
              • Opcode Fuzzy Hash: b1d0c3a15687080feb2ae883695dc62dba1db69c5617bd355d7aa1579204a41b
              • Instruction Fuzzy Hash: 4F3180B490A205DFEB10CF69C484AADFBB6FF8A340F16D3A6D409A7212D7709984CF55
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d078dd8f0d2ea823c2b1f289b4ed8b7d24f19227e73edf6e6811f198d17c4c1d
              • Instruction ID: ba5db63b21010421233c2a3eebcfffd8352cbd891196f521a446032cae919c8b
              • Opcode Fuzzy Hash: d078dd8f0d2ea823c2b1f289b4ed8b7d24f19227e73edf6e6811f198d17c4c1d
              • Instruction Fuzzy Hash: 80314D75E10609CFCB00EFACD8449EEBBF5EF8A300F10856AD555EB210EB70AA45CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7a7d34ab12d91e3eec2c184bdf8e5d010086489cad2e721433a6b065afb1e533
              • Instruction ID: 16a41b0551c5d7945911ca411c2017959a6eb537f67476faade50cd903333080
              • Opcode Fuzzy Hash: 7a7d34ab12d91e3eec2c184bdf8e5d010086489cad2e721433a6b065afb1e533
              • Instruction Fuzzy Hash: 2721D7B67006114FEB28DB29C48197E77EAEBC4350F288429E546D3754D678FD8087A2
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9346a9e29f8b723b1dc6e1ae8a555ad215679fe3fd4207ec5f12fab49edb1644
              • Instruction ID: b72516c7b88faf1916487400489eb5caae1da0d5b88cbe91e8bad95c52e30b4f
              • Opcode Fuzzy Hash: 9346a9e29f8b723b1dc6e1ae8a555ad215679fe3fd4207ec5f12fab49edb1644
              • Instruction Fuzzy Hash: 82217CB4E14208BFEB49CF6AD5445EDBBF6AFCE390F10D166E914AB211D7345940CBA0
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b3576b7d8a8c2671082aa7d4a0bb0fcb2782474f3c449bdf75c1858020b2d31f
              • Instruction ID: 3ecd026d09aae43d7e69edc92016da4a0e65d07ff04c170de2687dced570cff9
              • Opcode Fuzzy Hash: b3576b7d8a8c2671082aa7d4a0bb0fcb2782474f3c449bdf75c1858020b2d31f
              • Instruction Fuzzy Hash: 692157BA7007114FEB29EB28C4806BE77F6FFC0314F28886AD442D7654D674E980C7A2
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8b2733509a1ffe183ee1205c4f8478a101d45b708c96138e8dd8aaa68fde88c
              • Instruction ID: 2ffce9a0b9e6baed08b1e510aea55302bfda19f965351562553e468387371473
              • Opcode Fuzzy Hash: e8b2733509a1ffe183ee1205c4f8478a101d45b708c96138e8dd8aaa68fde88c
              • Instruction Fuzzy Hash: B9311231A10609DFCB04EFA8C494CEDBBB5FF89310F018659E5056B224FB70A949CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e66e3b94f6a10d08b7fa7c55fbbf1d60aa77e6d305d96c01f5128f966e6d9143
              • Instruction ID: fdf030f7b66abd734d402f8c911804e55355bfb3a8fb8695596a55cdac036ace
              • Opcode Fuzzy Hash: e66e3b94f6a10d08b7fa7c55fbbf1d60aa77e6d305d96c01f5128f966e6d9143
              • Instruction Fuzzy Hash: 30216070B00645CFCB04EB68C448AAEBBF6EF89254F14459AD415DB371DBB0DD85CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: adb3f5e6ac7449825452885b76ccfceeccccd0db25c004e16a6e8acbaa68d09e
              • Instruction ID: fad1304eb359c2b8f5d359585a17508d2f0a75dc8a89f1a36e514f972dcf013c
              • Opcode Fuzzy Hash: adb3f5e6ac7449825452885b76ccfceeccccd0db25c004e16a6e8acbaa68d09e
              • Instruction Fuzzy Hash: C33112B5900209EFDF55CF99C884ADEBBF5FB48364F108429F918A7220C775A850CFA0
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7d39518bcd7db8cf21206e19dfa9f36dff6a9902d6127848be30e92c7e051a8a
              • Instruction ID: b55eff6381df91a5473cfaa276aa52bf1970f4eaefe3db9514c6abd101d8d961
              • Opcode Fuzzy Hash: 7d39518bcd7db8cf21206e19dfa9f36dff6a9902d6127848be30e92c7e051a8a
              • Instruction Fuzzy Hash: 5C219071F006098FCB54EFA8C4846ADBBF4FF88250F00466AD819E7250EF709985CB81
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8e9b7ab7001c9b261e96adac2f92bb8354fbf7a79d1b66dfb3828f7bdd009175
              • Instruction ID: 66a6f7247c07bad7756ada7549d655c8ca69b66768281da354719a8f7b0ec3f4
              • Opcode Fuzzy Hash: 8e9b7ab7001c9b261e96adac2f92bb8354fbf7a79d1b66dfb3828f7bdd009175
              • Instruction Fuzzy Hash: 8A115AB4A002199BCB10EFA9C844BFFBBB6FF88350F004428D968A7354E7389941CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 34769a7a8c2f4144b766fd7f5f52c8a6b6b39e7bd50053f5bc4da330fa479f44
              • Instruction ID: abd1f4cc0322f3ea5703daff04b4ac2d7f56112b7544ed951f7f809f2615b7f7
              • Opcode Fuzzy Hash: 34769a7a8c2f4144b766fd7f5f52c8a6b6b39e7bd50053f5bc4da330fa479f44
              • Instruction Fuzzy Hash: AA115AB4A00219DBDB10DFA9C944ABFBBB6EF88340F008429D918A7354E7389946CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6bbd581ad8f6aa7c8c520951bcea2beeb898d2e40b93d86321c5e66f4492dbe4
              • Instruction ID: a416942fed9d329b38373d1f7b61964a51e872fcba9f04bd6ad6482ada5fb444
              • Opcode Fuzzy Hash: 6bbd581ad8f6aa7c8c520951bcea2beeb898d2e40b93d86321c5e66f4492dbe4
              • Instruction Fuzzy Hash: 6D112DB2D1420AAFDF11CFA4D9459EFBBB4EB49354F15452AE918F7240D7306A04CBA1
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ab2ca41c77b26768d989961ddb65b9bf90c09372f10148616d2d832d2ddff88
              • Instruction ID: ab3dcb045e6f8f802f256f51aa09e24ea9aa035d77455b44c0f97471728147e5
              • Opcode Fuzzy Hash: 4ab2ca41c77b26768d989961ddb65b9bf90c09372f10148616d2d832d2ddff88
              • Instruction Fuzzy Hash: 75018FB094D109FFEB16CB65C9005B8BBB9AFCB381F04EB95D0096A212D7305A14EBA1
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 51b837269fd2039ae56b89fe594a73c701e876875315c9a4d87c32903fa16b13
              • Instruction ID: 130684e261c5621e968d42eeacf86da1881dd01976b6585f7277cf298085d30b
              • Opcode Fuzzy Hash: 51b837269fd2039ae56b89fe594a73c701e876875315c9a4d87c32903fa16b13
              • Instruction Fuzzy Hash: 4B01F1B2914248DFCB40DF78D5045AC7FF0EF16395F0889AAE80CEB251E236D654CB42
              Memory Dump Source
              • Source File: 00000000.00000002.1724527219.0000000002E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E8D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2e8d000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c2214f3ff74da677e0f2962d5904af32935cf2b6a97230e0acfb19acbce2e1c1
              • Instruction ID: aad35d36609c009e5658861d481db7e9d681d6af0733fb85cabebe8989cc35bf
              • Opcode Fuzzy Hash: c2214f3ff74da677e0f2962d5904af32935cf2b6a97230e0acfb19acbce2e1c1
              • Instruction Fuzzy Hash: 5C01DB710883449AE7106E35CD84BA7BF9CDF41378F18C56AED4D5A2C6D77AD840C6B1
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f03c90ca0521f9d4f306ad70d614165fd1123fde08d5d9b77c1e647520153ccf
              • Instruction ID: 75aad28f1d1466a2e50048955167d8900638819e7500f2e6ad2f88c8e183049b
              • Opcode Fuzzy Hash: f03c90ca0521f9d4f306ad70d614165fd1123fde08d5d9b77c1e647520153ccf
              • Instruction Fuzzy Hash: A6018672E006099EDB00FA68E8459EEF779EBC5351F408676E9046B204E7706A59C7E2
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2fd1b77d901f2f978ccb83b370c2c632085879a6d411df55773d2b2e4e208e7e
              • Instruction ID: eb8420504224803e889dc4356f71989279005f3daeac41406cff3f6428438d36
              • Opcode Fuzzy Hash: 2fd1b77d901f2f978ccb83b370c2c632085879a6d411df55773d2b2e4e208e7e
              • Instruction Fuzzy Hash: 2501A2B53006018FCB199F6CC0649AD77A2EFC6651745886AE945CB325DF71EC428790
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a9c92002f74d11ed93d5058b81b73f7fd3ed464bc7c33e249a0e6bf740f91a5
              • Instruction ID: 33cc3ef2146c34d473e62715947c659a6fdc81b2b1293ad824d3d3e057b9da18
              • Opcode Fuzzy Hash: 3a9c92002f74d11ed93d5058b81b73f7fd3ed464bc7c33e249a0e6bf740f91a5
              • Instruction Fuzzy Hash: EA01D43291074A9FCF01AFB4DC444DAFB36FF86344B158B6EE00567221EB70A699CB90
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa254e1a58e26966d2f46a02f98b45861b4fa1aef8d2af114c982738bc56ca70
              • Instruction ID: 9c9c08263e205de0dcfee07cc0dcc60282708f3cf0868b75a92368dc5e6c17c3
              • Opcode Fuzzy Hash: aa254e1a58e26966d2f46a02f98b45861b4fa1aef8d2af114c982738bc56ca70
              • Instruction Fuzzy Hash: 610180B0E102099FEB04EF68C8016AEBBB1EF88344F008629D815B7391DBB89945CB91
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c89eac7ec768dcc18f2964dc1a7d971d408d9334ae216ee8709ab1f243928d01
              • Instruction ID: a2ca44f7f00f85048e493e7421214e76057b3faf46143544407850b79cae5d27
              • Opcode Fuzzy Hash: c89eac7ec768dcc18f2964dc1a7d971d408d9334ae216ee8709ab1f243928d01
              • Instruction Fuzzy Hash: 4F1191B0A80115DFDB90EF64D845BAC77B1FB89380F2096E5D41AA7384DB745D81CF21
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b7ce643104fcd285c7e7a10f09dee9cac37e65fa7eb497aa1130670faba220ce
              • Instruction ID: c5b0853e1a9934f7a4cdc5357a841cf89f059e5333b6e51518baf48eaa3eb59d
              • Opcode Fuzzy Hash: b7ce643104fcd285c7e7a10f09dee9cac37e65fa7eb497aa1130670faba220ce
              • Instruction Fuzzy Hash: 21016D3620431AAFCF065F94D8058AFBFAAFB8C291700802BF915C2251CB358C31DBA0
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff1695d2569e120a56b2ea6db64273b4cdd11c2ee7977a642020f2bc50f22405
              • Instruction ID: 0b6f6564ede6eaac0f67f9e4080123bc90e2e8c5637b7b1d59448ce2c0665e42
              • Opcode Fuzzy Hash: ff1695d2569e120a56b2ea6db64273b4cdd11c2ee7977a642020f2bc50f22405
              • Instruction Fuzzy Hash: 0F11ED70250605CFC754DF28C584BA5B7E6FF46344F008969E59ACB325DBB0BD48CB81
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9dd0b00ddeaa52f5b951241185582c4faab8023a6bc4a7862c4eaf9f0ea4b6b8
              • Instruction ID: 12a4aa4ff65c6b88bf07b30297f8906c9c169dd5d037a138a3146ce603f4502e
              • Opcode Fuzzy Hash: 9dd0b00ddeaa52f5b951241185582c4faab8023a6bc4a7862c4eaf9f0ea4b6b8
              • Instruction Fuzzy Hash: 75F02832A046695BDF01BA68C8140DDBBB5EFCA251F06C6AAD946B7341FF305A1487E1
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56a1a891efa39b79e996768c3ba614664adaa0d2bdde300741879fdbba632a05
              • Instruction ID: 5a45a288f2a6c8ba674da273f33a6c2ae1f03fcca7b3e91bb61724f4a4fbf661
              • Opcode Fuzzy Hash: 56a1a891efa39b79e996768c3ba614664adaa0d2bdde300741879fdbba632a05
              • Instruction Fuzzy Hash: A0F0C835B002208BDB445B7AC458B2AFBDDAFC1791F0984BAFD45DB3A1DAA5DC40CB90
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cd59bb0d69dd990dd6e9b412e174f85122c2471f4243f66166456e6109bde4b
              • Instruction ID: 77a1819bd23dcc9e93ef3627ffa9fdfd36979ba657449f5baa291567760689c0
              • Opcode Fuzzy Hash: 8cd59bb0d69dd990dd6e9b412e174f85122c2471f4243f66166456e6109bde4b
              • Instruction Fuzzy Hash: 2A115AB4A40100DFCB90EF68E586AAC7BB6FB49381F10D1A8E409AB265DB746C50CF02
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b78e849a3ee12e810a477dc6b3dff6cb8c297d3d191671f9dc12938d38762b85
              • Instruction ID: fba0874b328f558f97f3c2799fddb9a874350134ea95b85a85b9a24700f997a1
              • Opcode Fuzzy Hash: b78e849a3ee12e810a477dc6b3dff6cb8c297d3d191671f9dc12938d38762b85
              • Instruction Fuzzy Hash: 33018135A006089BCB01EB65D8489EEF7B9EFC9210F408659E9056B244EB706A95CAE5
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c5f1fa4859a0d4b4d468c01381dabefc0dcfa39c54dae16bc7e9b9a7cf85ecc
              • Instruction ID: d782379d9f0e0634629db68da57e0eee11a68ba66b186debe80ef624a730163d
              • Opcode Fuzzy Hash: 6c5f1fa4859a0d4b4d468c01381dabefc0dcfa39c54dae16bc7e9b9a7cf85ecc
              • Instruction Fuzzy Hash: 7DF08CB43006018FCB18AF2DC064D6E77A6AFC5A907518469ED46CB324DF72EC028790
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d6008b289f7ec7d985a45c73599123193208c1b887d3d0acbb005be732438262
              • Instruction ID: fc17e1da8d00ca5a09fe0c69fb4213cfe189193b4fd9444aa1c6e2a14c7b42e3
              • Opcode Fuzzy Hash: d6008b289f7ec7d985a45c73599123193208c1b887d3d0acbb005be732438262
              • Instruction Fuzzy Hash: CE110575210A41CFC794CB28D584BA5B7E6FB46344F0488AAE19ACB261DBB0B948CB81
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f5773234bc1b0d07b63b54210938c8955fdf10ee2f0dee6f588ca8ee526c855
              • Instruction ID: 8b0f28bf3da382d8305aee07b822919bbe0b4c7e0ddd4c17a7ebc174d355879b
              • Opcode Fuzzy Hash: 4f5773234bc1b0d07b63b54210938c8955fdf10ee2f0dee6f588ca8ee526c855
              • Instruction Fuzzy Hash: 32F024B63002406FE354AB6AE408E8A7B95EBD5BA2F10C83BF544CB341CA72C851C7A4
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a0cef3592373691423f976985ff6e4f4e793d92b3d4ef93a5c56bb268ef2e546
              • Instruction ID: adf3247ed6b629a141f31bc56349ac454369f4e02e600e343d88c8445be135f6
              • Opcode Fuzzy Hash: a0cef3592373691423f976985ff6e4f4e793d92b3d4ef93a5c56bb268ef2e546
              • Instruction Fuzzy Hash: E8018131A1062E8BCF04ABA8D8144EDB7B5FFC9211F418A29D91677240FF306A198BE1
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4d64d2daadcd639a566c4c935d490ff0fd96afb6aa799e6eddbdbfa2a88a95cd
              • Instruction ID: 5a94b9709e0d672f8d1abdd64ac969c13e4b6858839cb141ca25786983eb3922
              • Opcode Fuzzy Hash: 4d64d2daadcd639a566c4c935d490ff0fd96afb6aa799e6eddbdbfa2a88a95cd
              • Instruction Fuzzy Hash: 94014B74A04108FFDB04DFA8D688EADBBF5EB89340F24C094A50D9B311DB309E10DB90
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 305ae10ec062694efde3757e7d757fd9eda0a9974c21578d4dbbc3aa2c0ace5e
              • Instruction ID: 59143ad5c8c9c88af3d968bfbf0fe11d01172b51cc5b8c5804c761751aa25543
              • Opcode Fuzzy Hash: 305ae10ec062694efde3757e7d757fd9eda0a9974c21578d4dbbc3aa2c0ace5e
              • Instruction Fuzzy Hash: 24F04C32900B05CBC712AF6CE414885B7B4EF92311700867FD489B7201EB3AA868C7E0
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f224af1d58c9ce0621bf6c7806b8806fc57e07f034a30f07f6e3d23e74ec76f7
              • Instruction ID: 44e9ba753358e01ac807de12db7c5e827721af131a551bd3ed73ad57b05da337
              • Opcode Fuzzy Hash: f224af1d58c9ce0621bf6c7806b8806fc57e07f034a30f07f6e3d23e74ec76f7
              • Instruction Fuzzy Hash: BF0167B5E0061DAF8F41EFA8C5449EEBBF5EF48250F10855AE859A7310E7709A508BA1
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f41f42f77572f3a9b4a396461f6d8ee9699e0e181a56a76b774232802e51e7df
              • Instruction ID: 01698e88023920678c33af8d0259d4c0578605f99b5e37be9d21e72d65030c9b
              • Opcode Fuzzy Hash: f41f42f77572f3a9b4a396461f6d8ee9699e0e181a56a76b774232802e51e7df
              • Instruction Fuzzy Hash: 7BF02BB1504149BFDF08CB58EC41DEE7FBAEB442D8704826BE404D7230E6719D00C760
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95b082c66f5aac62b040996b2a6e3bc70ce0fdf40218f45fe1973c8c3e3ddc3e
              • Instruction ID: 25735f95cb233f02193e5cf5e455952bb8f7eaab0d0a24afb9fd88487a65258f
              • Opcode Fuzzy Hash: 95b082c66f5aac62b040996b2a6e3bc70ce0fdf40218f45fe1973c8c3e3ddc3e
              • Instruction Fuzzy Hash: 8B01863291070A9FCF10AFA5D8448DAFB76FFC5344F118729E50567210EB71A599CB90
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ea1697ee73886529066efcfa45a9de42f9be4b96365144c79af5406bdaaf87a2
              • Instruction ID: 1018a7eec52bdbba5cedbccf5656658cf9d6125e37a4486c41f04c29188483da
              • Opcode Fuzzy Hash: ea1697ee73886529066efcfa45a9de42f9be4b96365144c79af5406bdaaf87a2
              • Instruction Fuzzy Hash: 9EF02B75B002204BCB0016799404679FBDDABC1791F09447AED45CB290DAA6DC408BD0
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0ce1c6d8084017120f4008d166b5fed56ff439ac2fc62161ca8254db8fe83f3a
              • Instruction ID: 021de7fe30a4d889f09fb3b402a2dd8bd60b1dec5b4bcf43a43f1762f9804502
              • Opcode Fuzzy Hash: 0ce1c6d8084017120f4008d166b5fed56ff439ac2fc62161ca8254db8fe83f3a
              • Instruction Fuzzy Hash: E61170B0A80215DFDB90EF64D845B9C7BB2FB89380F2096E5D419AB758CB745D81CF21
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e4dbb25937f6c1b1bc01357c06f225a9f5db39a7de0162e34540ee734846778
              • Instruction ID: 0ffc5c73b949453254061b22a7f180a0f76ded6e3dc591ac7d773c304ed98e09
              • Opcode Fuzzy Hash: 9e4dbb25937f6c1b1bc01357c06f225a9f5db39a7de0162e34540ee734846778
              • Instruction Fuzzy Hash: 8BF0F6757013449FD3559B69E408B5A7FA9FBC53A1F10C03EF549CB641CA36D812CB60
              Memory Dump Source
              • Source File: 00000000.00000002.1724527219.0000000002E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E8D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2e8d000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22faa4227036faa8c5238ac579002150130216883010ef221986c9aea7b38bc3
              • Instruction ID: 4375aa525823f6f3a5df31696ff721e784f4e1123d622e3838410a2b742de5df
              • Opcode Fuzzy Hash: 22faa4227036faa8c5238ac579002150130216883010ef221986c9aea7b38bc3
              • Instruction Fuzzy Hash: 63F062714443449AE7109E26DC88BA6FFA8EF41638F18C45AED4C5A286C37A9844CAB1
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21d4617472abad175184a57d46fc6f6c4dcb5c0bfe033986b96466975e60ea2e
              • Instruction ID: f4f3cd5b47fafaadfc819bf4cc424fac6ad9b394c5099c3a22143076f520a562
              • Opcode Fuzzy Hash: 21d4617472abad175184a57d46fc6f6c4dcb5c0bfe033986b96466975e60ea2e
              • Instruction Fuzzy Hash: 43F0E9B12467844BD32597349520AFABBA6DB81691F440CEDC855C6291CEB1AC45C7E1
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59dd6dc48e137961718ab9e1ef4f4ad81eade1b3afc31f6653d8fa7853f93344
              • Instruction ID: a9e2169685f7772bd61a77e9b32f6d0dd6b8012adb24e4dee03a24494f3fbf75
              • Opcode Fuzzy Hash: 59dd6dc48e137961718ab9e1ef4f4ad81eade1b3afc31f6653d8fa7853f93344
              • Instruction Fuzzy Hash: F7F05275A08341AFD724AF29A9D046ABF6AFFC6A80704066FE509CB250DF71C800C260
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13a9e22d3e686db999956a553e1f7cda4809e8316facc872bc50c0b80865aaf1
              • Instruction ID: e3820d465e8d6773086db4df7d41726505e8e7c850600a6604c3e0a353f56e2c
              • Opcode Fuzzy Hash: 13a9e22d3e686db999956a553e1f7cda4809e8316facc872bc50c0b80865aaf1
              • Instruction Fuzzy Hash: 7EF0FA76A002149FCB18EBB8E00876E73ABABC5345F00882DC0098B740CF38AC05CF91
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fd907db26e0c326943cc9194e08b378049ef7cd9be6bd5e080da8727fdb1410
              • Instruction ID: 2eb8efcbfd256f3ed12865edc27847acad1d71810ed7c0ea654a351d0a4dd9d5
              • Opcode Fuzzy Hash: 7fd907db26e0c326943cc9194e08b378049ef7cd9be6bd5e080da8727fdb1410
              • Instruction Fuzzy Hash: B5D0127610020C9E5B41EF95E800D9277DCBB147D07408432E948C7120F661F924D752
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3ec9bb768004d6be45f44297ee74bbe7234a646e2b0b6123090173f9cb0430a4
              • Instruction ID: cb37d35b88154a632de5e2cb2774fb3076a397e1cd70f5686ac58b995581bf73
              • Opcode Fuzzy Hash: 3ec9bb768004d6be45f44297ee74bbe7234a646e2b0b6123090173f9cb0430a4
              • Instruction Fuzzy Hash: 41C01272100018BB4A41AB85D804C96BBADAF49654305C056E5088B121D662E51297D6
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a2868a2ae3ef86442570deb78b9244e832ef6fcd79432889b422060bc8d94d1c
              • Instruction ID: c4eef5348deb319f00ba0c4d8a6becc7fc1b90e6a9122bd590728d56012817e1
              • Opcode Fuzzy Hash: a2868a2ae3ef86442570deb78b9244e832ef6fcd79432889b422060bc8d94d1c
              • Instruction Fuzzy Hash: 83D01231510B04CFC300EF6CD94586477B8FF45704B4505A5E106AB332FB25F8548B41
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 441dee1cd2264dd348ff6a7096ad140c9b5e39c6679cc8d9f55bb58d84e8d712
              • Instruction ID: e6267041acf1a61128c7b2851b2eefa02871adff5dd1935637c9a7d99ba111bc
              • Opcode Fuzzy Hash: 441dee1cd2264dd348ff6a7096ad140c9b5e39c6679cc8d9f55bb58d84e8d712
              • Instruction Fuzzy Hash: EFC02BA100E3C849DF1303301C181D43FA08823DAD3CF40CBCDC5CD02754120841C74D
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3505c0c7450921cf354c86dbb906c718590b3d70b3fbf8f9209be97e07a373a
              • Instruction ID: f4b5e57af904b6b0995d15c69928b7d3e6a3f17394e5f363ae772d7a9f0562ea
              • Opcode Fuzzy Hash: e3505c0c7450921cf354c86dbb906c718590b3d70b3fbf8f9209be97e07a373a
              • Instruction Fuzzy Hash: 83D0A7709845448FC710EF38C04455C7F76FF8A241B105578E0186F26DC33018438B01
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 66e0ffa83aa9309988531cc22afaa08cbc6908f967d4e16ea390fef47f0d1460
              • Instruction ID: 786ac5720cdebad5de02bbe4cafb8de9dad270147f6b8a5f9816331f74eb7d9d
              • Opcode Fuzzy Hash: 66e0ffa83aa9309988531cc22afaa08cbc6908f967d4e16ea390fef47f0d1460
              • Instruction Fuzzy Hash: 09C08C700C230987CB9027A8F40E3643A689B422A6F108020F10C100605E6C44B0CAA5
              Memory Dump Source
              • Source File: 00000000.00000002.1729154250.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7750000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
              • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
              • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
              • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 314d1ccd15ff629db88907a51ab543ef09e33b8a9fd59ad9ec73201dea957d1b
              • Instruction ID: af453b16571f4a4e25c20897cb92c53dea6b396497fbc64c6e94d75706d8cec1
              • Opcode Fuzzy Hash: 314d1ccd15ff629db88907a51ab543ef09e33b8a9fd59ad9ec73201dea957d1b
              • Instruction Fuzzy Hash: 60B012EA1E9248F1E8007768C984A3BD610FBF7BC1F808D117307C041485B18C69D12B
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7dc798ab66ac4cd171e76db875814dc471bd47ce972f2e12beaa9adcde94bd3
              • Instruction ID: 7cd3a38fe061f8093d37659e9ab394c178b0b20121978b4f41a4632343c80a72
              • Opcode Fuzzy Hash: a7dc798ab66ac4cd171e76db875814dc471bd47ce972f2e12beaa9adcde94bd3
              • Instruction Fuzzy Hash: A3E13CB4E002198FDB14DFA9C5819AEFBB2FF89344F248269E414AB356D734AD41CF61
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5326d8e2127662179153102f2880d03e25e8be10825dccdd5ec7372fdecc5ea5
              • Instruction ID: 64b0c1482e015ae1c3855ac41fda4b6c914d5d6653c7bc5c7ceee8d3ed68dfb2
              • Opcode Fuzzy Hash: 5326d8e2127662179153102f2880d03e25e8be10825dccdd5ec7372fdecc5ea5
              • Instruction Fuzzy Hash: 6BE108B4E001199FDB14DFA9C5809AEFBB2FF89344F248269E414AB356D734AD41CFA1
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e964774b1065b7fe876dad2ce0603058a60112a0f13055b72933eccf81299db6
              • Instruction ID: c879697140c43e9ac624f6d518b87181451fcb1c77d735c93962f9dd26035658
              • Opcode Fuzzy Hash: e964774b1065b7fe876dad2ce0603058a60112a0f13055b72933eccf81299db6
              • Instruction Fuzzy Hash: 2EE128B4E001199FDB14DFA9C5809AEFBB2FF89344F248269E414AB356D734AD41CFA1
              Memory Dump Source
              • Source File: 00000000.00000002.1724883069.0000000003030000.00000040.00000800.00020000.00000000.sdmp, Offset: 03030000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_3030000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a1f9edc881175881a7fcae0fe85a80fff09cca171b3769ac4fda09ca34f97ad
              • Instruction ID: 8b236c06baa50c85e47f14da4b21e02d7e4037de963f32be4fda7eb72593b522
              • Opcode Fuzzy Hash: 5a1f9edc881175881a7fcae0fe85a80fff09cca171b3769ac4fda09ca34f97ad
              • Instruction Fuzzy Hash: F2A15936E0130A8FCF09DFA4C9405DEBBB6FF86300B15856AE905AB265DB71E955CB80
              Memory Dump Source
              • Source File: 00000000.00000002.1729304703.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_77a0000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 49ddbe1807a95fc2f6cd8846d1209189742251987bfec9499e187756bf24b5b6
              • Instruction ID: 2939e912f63bcdad5379974bdd2043bf8bba9e4b3725eba88e78a5af23b42b97
              • Opcode Fuzzy Hash: 49ddbe1807a95fc2f6cd8846d1209189742251987bfec9499e187756bf24b5b6
              • Instruction Fuzzy Hash: C841089294F3E06EE74B6F3C49750957F708D9314530A02CBD4D0CE0B7D999992CDB66
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bbca5b4d8dae1f93d9d1b454ac71f6bd4e1f9b21b5f713ed74ff8e0129738a52
              • Instruction ID: 76acc3db5c6de90707bb55a4ff26d47619723dd4c424f5fc8c9225117388897e
              • Opcode Fuzzy Hash: bbca5b4d8dae1f93d9d1b454ac71f6bd4e1f9b21b5f713ed74ff8e0129738a52
              • Instruction Fuzzy Hash: BEA1AF71E012288FEB68DF6AC944B9DBAF2BF89300F14D0AAD40DB7255DB345A85CF51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f95ef1292c5ab3821bec7da37455a0e232b8e1b026756ae1dcc157712c3d9b0e
              • Instruction ID: eeb15ed68baf9b4f480f293c362a26bd233f0946455a94c50cd8c0e35892638c
              • Opcode Fuzzy Hash: f95ef1292c5ab3821bec7da37455a0e232b8e1b026756ae1dcc157712c3d9b0e
              • Instruction Fuzzy Hash: F081A174E012299FEB64DF29D985BDDBBB2BB89300F1080EAD849A7354DB305E81CF55
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd10679e68763c1bc385985654d956e9e21b85f053f8859c4d6910da67b09a2c
              • Instruction ID: 35a3d47f1a30287d9a48aea45b8016a7584907d222512c52cc74526d6ba9cf63
              • Opcode Fuzzy Hash: cd10679e68763c1bc385985654d956e9e21b85f053f8859c4d6910da67b09a2c
              • Instruction Fuzzy Hash: 91718471E016188FEB68DF6AC944B9ABAF2AF89300F14C1AAD40DB7254DB345A85CF51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c082111317cf11b3e84a308c5f048001fcb4ff8f18da91816b92508c7e5fc0c5
              • Instruction ID: 4080f52be5a46bfb96feb1a0c06510ae35732f35937ce607faf57553a962e9ab
              • Opcode Fuzzy Hash: c082111317cf11b3e84a308c5f048001fcb4ff8f18da91816b92508c7e5fc0c5
              • Instruction Fuzzy Hash: 9D719370E01618CFEB68CF6AC944B9EBAF2AF89300F14C0AAD40DB7254DB345A85CF51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62c0ec6adf6585460ca0d67cdb9dc658a32e3ec0897981a2190966c40c30402d
              • Instruction ID: ae99b1ec2cd7286d188d2e9f7834fc5ba06fdb9941de52d7b059b0b80d6f37bd
              • Opcode Fuzzy Hash: 62c0ec6adf6585460ca0d67cdb9dc658a32e3ec0897981a2190966c40c30402d
              • Instruction Fuzzy Hash: 8A719371E00618CFEB68DF6AC944B9EBAF2AF89300F14C4AAD40DB7254DB345A85CF51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96e5ae6c55525de0e4732aba02b54970013736cff8ab5eb6657460f56945cbbd
              • Instruction ID: f2e1091014d5367d554034a3f6ff77d3ec18c26d3226ce1a09125ade15982a94
              • Opcode Fuzzy Hash: 96e5ae6c55525de0e4732aba02b54970013736cff8ab5eb6657460f56945cbbd
              • Instruction Fuzzy Hash: 2C51F7B1D056589FEB19CF6ADC447D9BBB2BBCA304F14C0EAD408AB215DB320A85DF51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5d79b575cd2c0f721f49034b4e020004bbd9d0b8494e711f4edfcd64ead1a365
              • Instruction ID: bcc3be98336400a9f2f5d66b43fbea26bb9a77964d471f97a3d2e6b27c82199b
              • Opcode Fuzzy Hash: 5d79b575cd2c0f721f49034b4e020004bbd9d0b8494e711f4edfcd64ead1a365
              • Instruction Fuzzy Hash: FA41F2B0E006088BEB18DFAAC8447DEBBF2BF88304F24D569D418BB254DB755946CF64
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c339217338e151000f3bf82ebd269d74996b53955d79abf1d0e2dfac5fc29c8e
              • Instruction ID: a4cf119dc8309e4d26ffef310bc59d44b395f2a5a2e7157e48b3734fdc0508a4
              • Opcode Fuzzy Hash: c339217338e151000f3bf82ebd269d74996b53955d79abf1d0e2dfac5fc29c8e
              • Instruction Fuzzy Hash: AD416871D016189BEB58DF6BDD4578AFAF3AFC9300F04C0AAD50CA6265EB740A858F51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a14a645edfd6f5902b6da111a92707bfa22aa5e26a9094aa5da43098ecdf233
              • Instruction ID: 7a381bd99c961d6868502338a3517e8ea6fa5e85fb5afe362c9d64ed50d1dd95
              • Opcode Fuzzy Hash: 6a14a645edfd6f5902b6da111a92707bfa22aa5e26a9094aa5da43098ecdf233
              • Instruction Fuzzy Hash: 34415871E016188BEB58CF6BCD4578AFAF3AFC9300F04C1AAD50CA6254DB740A868F51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64d9a3d780ddff009dfad5f5f3aa1fa90bc6c984eafd94147d00a027230d2a68
              • Instruction ID: 0738a2ae06093ea4fe00b26febec504d45cd2e75de3ee7ebe5c4a29774535bf0
              • Opcode Fuzzy Hash: 64d9a3d780ddff009dfad5f5f3aa1fa90bc6c984eafd94147d00a027230d2a68
              • Instruction Fuzzy Hash: 204159B1D016188BEB58DF6BCD457DAFAF3AFC9300F14C1AAD50CA6264DB740A868F51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbcac22343ae6e46955de8e06458db734b5fd7f150d2511e3c2fefae229817e7
              • Instruction ID: b5a8f02688d48538090f7835b3f7f81681caf08edd733f932884efa65e6fd980
              • Opcode Fuzzy Hash: dbcac22343ae6e46955de8e06458db734b5fd7f150d2511e3c2fefae229817e7
              • Instruction Fuzzy Hash: F1416971E016188BEB58CF6BCD4578AFAF3AFC8300F14C1AAC50CA6265DB740A86CF51
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
              • API String ID: 0-1932283790
              • Opcode ID: 5f75bbd05fb3df85fddcdada1168016a4bc4770604ea22952fb1806b23f3de32
              • Instruction ID: 72bd5b95e66990f2020b71003e0142a654d6eac832ae73a62dcc2cd102095254
              • Opcode Fuzzy Hash: 5f75bbd05fb3df85fddcdada1168016a4bc4770604ea22952fb1806b23f3de32
              • Instruction Fuzzy Hash: 10125A30A042099FCB14CF69D984A9EBBF2FF48314F159569E895AB3A1DB30FD81CB50
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: 4'^q$4'^q$;^q
              • API String ID: 0-799016360
              • Opcode ID: 7b12bb45473be81e4b40a1d9830d832765330da5c3a0fc5c185603ad094ffa17
              • Instruction ID: afdd4c147c9c753fa869ed87db0d825bd3d144dc3c2155051c79c3872561dad0
              • Opcode Fuzzy Hash: 7b12bb45473be81e4b40a1d9830d832765330da5c3a0fc5c185603ad094ffa17
              • Instruction Fuzzy Hash: AAF1B3743001018FDB189B29CA58B3977A6EF95704F1964AAE186EF3E1EE39CCC1D752
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: $^q$$^q
              • API String ID: 0-355816377
              • Opcode ID: e46ba69d84832efa1f1849786f14c98743315a811d6b1882f4ae1d4808f8fbcd
              • Instruction ID: ec6ddbe6857ec77d009a1ce271bc2f08321438241b50c3cd2042de175fe5476a
              • Opcode Fuzzy Hash: e46ba69d84832efa1f1849786f14c98743315a811d6b1882f4ae1d4808f8fbcd
              • Instruction Fuzzy Hash: 43524474A00218CFEB149FA4C964B9EBB76EF88300F1091A9D10A7B3A5CF359D85DF65
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: Hbq$Hbq
              • API String ID: 0-4258043069
              • Opcode ID: 1c0f58644092e1271cecd237af3d767a93fad034615b7de4495155b8991b5df3
              • Instruction ID: 509754b6ef6e3e8af8e6f755304e6daa13026020583a6f6337d5081179c4f69c
              • Opcode Fuzzy Hash: 1c0f58644092e1271cecd237af3d767a93fad034615b7de4495155b8991b5df3
              • Instruction Fuzzy Hash: C9B1BD367046509FDB159F78C858B6B7BE2EB88304F149529E806AB3D1DF39CC81DBA0
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: ,bq$,bq
              • API String ID: 0-2699258169
              • Opcode ID: c3e139b82a725547a7571d505578fbbf8e03e732c976d7bf7abd9f976a0846fb
              • Instruction ID: b33c1764727f68e6178b899d488309d74c3f3e2daffff8e55fce332b9217db94
              • Opcode Fuzzy Hash: c3e139b82a725547a7571d505578fbbf8e03e732c976d7bf7abd9f976a0846fb
              • Instruction Fuzzy Hash: 97817136A00A05DFDB14DF69C4889ABB7B2FF89304B24956AD405EB3A1D731ED81CF61
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: LR^q$LR^q
              • API String ID: 0-4089051495
              • Opcode ID: 62ab92f2cd24990c838a4ddfda9bb04917afbdf68933fb4ef106c9e6b643917f
              • Instruction ID: bd4fa54c70e989432b2d82fe02d7b819d3187f92b7f8925004f271c986bf7725
              • Opcode Fuzzy Hash: 62ab92f2cd24990c838a4ddfda9bb04917afbdf68933fb4ef106c9e6b643917f
              • Instruction Fuzzy Hash: BB81A031B101058FCB48EF39C854A6E7BB6FF88600B148569E405EB7A5EB30DD02CBD1
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: (&^q$(bq
              • API String ID: 0-1294341849
              • Opcode ID: 36d23a7afaf95e79cf5293981bd5d837b0bc6c1a8c3b9a0398dd764d59b1ad28
              • Instruction ID: de8e729a304e97d63b3e7c4c0508958cb40d535709d58989d4fab2d9633c7ff1
              • Opcode Fuzzy Hash: 36d23a7afaf95e79cf5293981bd5d837b0bc6c1a8c3b9a0398dd764d59b1ad28
              • Instruction Fuzzy Hash: 37718E31F002599FDB55EFA9C8506AEBBB6EFC4740F144529E406B7280DF34AE06CBA5
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: Xbq$Xbq
              • API String ID: 0-1243427068
              • Opcode ID: 519ebd44b8d454d5fee3f877aecacd40155f25c36bb1d4ae7c83fe826e8c7381
              • Instruction ID: 33d261e88c767a9db718593c5608171baab9ba1966af7cac472077f9d87381d3
              • Opcode Fuzzy Hash: 519ebd44b8d454d5fee3f877aecacd40155f25c36bb1d4ae7c83fe826e8c7381
              • Instruction Fuzzy Hash: 91313731B003248BDF189A7A898427EA5DEEBC4314F145439D816E73D4DF74CE8587A1
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: LR^q
              • API String ID: 0-2625958711
              • Opcode ID: 8c957155bd246d2c8f44f36d4573608f0b95d83049140feb32f88ddc0dc351be
              • Instruction ID: 8704970b3b45d63abf29a540cca47e0ffaabd2f5898d36a13b25788e608485d7
              • Opcode Fuzzy Hash: 8c957155bd246d2c8f44f36d4573608f0b95d83049140feb32f88ddc0dc351be
              • Instruction Fuzzy Hash: 8922F878901219CFCB54EF64E998B9DBBB2FF48300F1086A5D409A7369DB386D86CF51
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: LR^q
              • API String ID: 0-2625958711
              • Opcode ID: 570274863a5cc722d74b3999473fb4d25bce8c8f3380bc50d8517960f72c5f03
              • Instruction ID: 94bdef415ff62811f9d8f323c83ed152d8027e600083a5271e89a7fae8c3c62a
              • Opcode Fuzzy Hash: 570274863a5cc722d74b3999473fb4d25bce8c8f3380bc50d8517960f72c5f03
              • Instruction Fuzzy Hash: FD22F978901219CFCB54EF64E998B8DBBB2FF48300F1086A5D409A7369DB386D86CF51
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID: (o^q
              • API String ID: 0-74704288
              • Opcode ID: 9fa7162fb9b0d8079b23ad2d42a73211f7669024b5c1d833335760431ac98469
              • Instruction ID: 215b97438875ec5975101ae307126be42faaa1fdde27aaab65ef19cfcc33dafa
              • Opcode Fuzzy Hash: 9fa7162fb9b0d8079b23ad2d42a73211f7669024b5c1d833335760431ac98469
              • Instruction Fuzzy Hash: 1E41AE357002089FCB14AF69D8586AE7BF6FBC8310F188469E916E7391DE359C46CBA1
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 411f8557aed928ce849768a0bfaac2881054089a36e6b5c84dc4f990543dda1a
              • Instruction ID: cae5a8b45a470b5b5db7107f3314a8d98af52b26a146b023d858bfe4006b234d
              • Opcode Fuzzy Hash: 411f8557aed928ce849768a0bfaac2881054089a36e6b5c84dc4f990543dda1a
              • Instruction Fuzzy Hash: 59F10E75A006199FCB04CF6CD588A9DBBF2FF88314B1A9069E515BB3A1CB35EC81CB51
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 58304504efb11e8ffe71fe71f9b67688cfcc62d60d26266136675a4654da808a
              • Instruction ID: 3501901d3ece0292d7f319d43bbf60696d7663f7be7a779a7516ac9cf9f0977c
              • Opcode Fuzzy Hash: 58304504efb11e8ffe71fe71f9b67688cfcc62d60d26266136675a4654da808a
              • Instruction Fuzzy Hash: 6F713B34B046058FCB14DF28D898AAE7BE5EF49704F1510A9E852EB3B1DB75EC81CB90
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90947a406917b35d9a49dfad2e515d4aa827d2d10914306cc646750fea6a1f8a
              • Instruction ID: 3503ee4bbbe3df90ee056e8a39ec45908aea26892571cb5778c58c51dcdb75e3
              • Opcode Fuzzy Hash: 90947a406917b35d9a49dfad2e515d4aa827d2d10914306cc646750fea6a1f8a
              • Instruction Fuzzy Hash: BA51C078461B43EFD7042B20B6AC27ABBB4FB0F3177446D44A10FE21699F785C858A22
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 80e64b6bbb570cff18c14987e3d921a4419523990dbbbfaf579882cfb9c700d2
              • Instruction ID: d8e84b51ca35633aa0d9aa34590fef07fa344aefca218fc382f1af21ee6a9ba8
              • Opcode Fuzzy Hash: 80e64b6bbb570cff18c14987e3d921a4419523990dbbbfaf579882cfb9c700d2
              • Instruction Fuzzy Hash: 94519E78061B47EFD2442F24B6AC23ABBB4FB0F7277446D44A11FE11299F785C858A62
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 734c666c1aa0452a8e6982c749d9cd23a59303813892e625298625be86eec799
              • Instruction ID: 332f9d49de14d47c58a8c2bcc23b5eb75917c03d4ac7a254b498ab9b41d2fa2f
              • Opcode Fuzzy Hash: 734c666c1aa0452a8e6982c749d9cd23a59303813892e625298625be86eec799
              • Instruction Fuzzy Hash: 7E610174D01218DFDB14DFA5D948AADBBB2FF88304F208929D409BB394DB359986CF51
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5413acbd369726988ce9a09313f6fe8bd8ecbdb13cd50cded4509e350a5de001
              • Instruction ID: 9814359b8f64b4927a703a31203d71730724e2d8d0b978722a85897e9f37affb
              • Opcode Fuzzy Hash: 5413acbd369726988ce9a09313f6fe8bd8ecbdb13cd50cded4509e350a5de001
              • Instruction Fuzzy Hash: 3F61F670D04298DFEB54CF69D888B99BBB2BF8A304F1094EAD00DBB255D7315A85CF12
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b6ba86ad4d15f7659df0209a56a811e0bc107d530636d19b207f8562cc7a3835
              • Instruction ID: bd8dcd98c0f1d305d29dbec5e2ecd34108fa7436840f56d181b0328c9a8d93b5
              • Opcode Fuzzy Hash: b6ba86ad4d15f7659df0209a56a811e0bc107d530636d19b207f8562cc7a3835
              • Instruction Fuzzy Hash: 2551A475E01208CFCB08DFA9D89499DBBB2FF89300B209569E805BB365DB35A946CF50
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e03d2942d7a571a8dff9246c2cdfac58361347fed3962512c739f2d42291d3da
              • Instruction ID: 04db5824650b6407f0c54d9c939ca5d3faa2602d9c39875bbd07327b6b76f658
              • Opcode Fuzzy Hash: e03d2942d7a571a8dff9246c2cdfac58361347fed3962512c739f2d42291d3da
              • Instruction Fuzzy Hash: 3E518274E012089FDB44DFA9D9949DDBBF2FF89300F208169E809AB365DB30A906CF50
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 519918519058fe7fe4032812a6107b2b8b2075f6c0d25a8788a8f8d1def9538d
              • Instruction ID: 8abf56dc22f480c9a2df792916620b8d4361803a7408379e15f8ce08a5e2bb78
              • Opcode Fuzzy Hash: 519918519058fe7fe4032812a6107b2b8b2075f6c0d25a8788a8f8d1def9538d
              • Instruction Fuzzy Hash: 10415E31901319CFEB04AFB0D49C7EE7BB5FB49316F105859D116A22D4DBB81A84CFA6
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6d3451ec59524e24a2e950eb7195655622bd98a169b2a0afaa24d5c4bdf4d0bc
              • Instruction ID: db25ca9004e0ea4471153954a30b78004923f9c93d457fa0b877b3768b2e0e76
              • Opcode Fuzzy Hash: 6d3451ec59524e24a2e950eb7195655622bd98a169b2a0afaa24d5c4bdf4d0bc
              • Instruction Fuzzy Hash: 61519375E01208CFCB08DFA9D99499DBBB2FF89300B209469E805AB365DB35A946CF50
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d83d119de131c9207afc178417754515f3b8d1d9f7b758e911b841ede5446b8a
              • Instruction ID: c0d852eb436e963f61c46e5c84cdf6e70254124265d4d7d02f8fefc5e9d3c84e
              • Opcode Fuzzy Hash: d83d119de131c9207afc178417754515f3b8d1d9f7b758e911b841ede5446b8a
              • Instruction Fuzzy Hash: 5651BB75D02228CFCB64DFA4D984BEDBBB1AB89301F1065AAD409B7390D735AE85CF00
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f3b03650f99f7fd5affcf8625733082809e8c914bb74acf0eaa0be4ccd641da
              • Instruction ID: 90821d55a0f58bc1a6a516f27fddc6d4e8b6fb85cda79046ad95d4d4ea1653ef
              • Opcode Fuzzy Hash: 6f3b03650f99f7fd5affcf8625733082809e8c914bb74acf0eaa0be4ccd641da
              • Instruction Fuzzy Hash: C841BF30A04249DFCF11CFA4D884A9DBFB2EF89354F149555E815AB2A3D734ED94CBA0
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5097e86d5cb225e8f62f911e93edea5ad8ac2af7eac9f39011d78a6239deaadc
              • Instruction ID: 887b9d74d5eebe0de6a9d1e0e7a992246974f239bd01d3b215ff45f080827273
              • Opcode Fuzzy Hash: 5097e86d5cb225e8f62f911e93edea5ad8ac2af7eac9f39011d78a6239deaadc
              • Instruction Fuzzy Hash: EA412E31E0021A9FDB54DFA5C880AEEBBF5FF88700F548129E455B7240EB70AD46CB91
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3531af611b8150275b2309eee7e452cc9e7f7e201925c1d7f30dad1d1acded8c
              • Instruction ID: acf2ae0ca0e970dbc36e980c520ff81810fa899b8fbe5e465f64e565f8718f4d
              • Opcode Fuzzy Hash: 3531af611b8150275b2309eee7e452cc9e7f7e201925c1d7f30dad1d1acded8c
              • Instruction Fuzzy Hash: 9B410674D09108CFCB04DFE8E8946EDBBB1FB49301F64A01AE419B7295DB759881CF65
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 228108a3c1285cc45a047e6c3bc6f7b60bbc18e867a673792cd028b55d927804
              • Instruction ID: 7ac9030b5c4c274c25bc20d72de310bb0f1c3b675d665d7c62ff38e8036ed562
              • Opcode Fuzzy Hash: 228108a3c1285cc45a047e6c3bc6f7b60bbc18e867a673792cd028b55d927804
              • Instruction Fuzzy Hash: F1412674D09208DFCB04DFE8E8846EDBBB1FB49301F64A11AE409B7295DB759881CF65
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67d01c87ff33f205e332f4462d805d7d0eb7ac72b68b519a224ac9a7c687361d
              • Instruction ID: 728dad3e81cf83c091d15044cac48ff762c868e86baa6c5fca620fc750e8d4f1
              • Opcode Fuzzy Hash: 67d01c87ff33f205e332f4462d805d7d0eb7ac72b68b519a224ac9a7c687361d
              • Instruction Fuzzy Hash: C741F274D09208CFCB04DFE8E8846EDBBB1FB49315F24A11AE419B7295DB759881CF64
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1836e636f81c2fc92960fc1424f1dda96070fdd0c5ce0362af35389ca0b31b71
              • Instruction ID: c18a81c637fdf868d6120fbe34d422a1f186ab39c435151b9bc73aee64bb6cf4
              • Opcode Fuzzy Hash: 1836e636f81c2fc92960fc1424f1dda96070fdd0c5ce0362af35389ca0b31b71
              • Instruction Fuzzy Hash: E141F770D05208CBDB04DFA9D8446EEFBB2FB89300F28E129E415B7295DB759881CF64
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bda3fe225752a27532d114f6b8c9660fe3f8d4587875e1d427cfb25a3149eec1
              • Instruction ID: 9a2eb80dd04ab60680171b4446b02c20ef04962c502ffe5a7b0011c3e1c4a450
              • Opcode Fuzzy Hash: bda3fe225752a27532d114f6b8c9660fe3f8d4587875e1d427cfb25a3149eec1
              • Instruction Fuzzy Hash: 693162B120114AAFDF059F64D958AAE7BA7FB88304F104414FA159B3D1CF39DD62DBA0
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 01ef31952f004d6af75c192a7e30fe4a68c0b4f994bdc126621b9cb222eb1394
              • Instruction ID: 6441970e1c1792338bf85ce0dfb6378456c4b467025163e3215393f0911e334e
              • Opcode Fuzzy Hash: 01ef31952f004d6af75c192a7e30fe4a68c0b4f994bdc126621b9cb222eb1394
              • Instruction Fuzzy Hash: D9319535905319DFEB00AFB0D45C7EF7BB5EB8A315F008859D115A62D5DBB80A84CFA2
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 26e33a08816d0fa55c0cd0d8929843ec5c87730905ecef7f4a9201f2af7fe548
              • Instruction ID: b13af670ea3227dde7a6455767fcb24cca828da308ac8c8a601ed66c7b8763a4
              • Opcode Fuzzy Hash: 26e33a08816d0fa55c0cd0d8929843ec5c87730905ecef7f4a9201f2af7fe548
              • Instruction Fuzzy Hash: E02108347082015BEB191735D88867E66A7AFC878E71C107AD586DB7D4EE25EC82D381
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 575b7f1f3312905f7c5ab090734f23431695718838ed6298dc182a9513e1e1f0
              • Instruction ID: f8ea801d99ea2fbe9d0179a348ab7e6bc530c09aba1ad8b3634d44dd2797880e
              • Opcode Fuzzy Hash: 575b7f1f3312905f7c5ab090734f23431695718838ed6298dc182a9513e1e1f0
              • Instruction Fuzzy Hash: 3D318670B006098FCB04CF6DD8889AEBBF2FF85350B198565E555A73B1CB349D42CBA1
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a2a1f85c8c792f3ffd6b314dbfe64c3226679b4a9099f82096e7941c82d58236
              • Instruction ID: f2d6609e3caae598497dedc2c9c91a37ebe5d8cbb2e553a7d0308051a5b42de0
              • Opcode Fuzzy Hash: a2a1f85c8c792f3ffd6b314dbfe64c3226679b4a9099f82096e7941c82d58236
              • Instruction Fuzzy Hash: 8D21063870820167EB181625C85477E35979FC478EF1C507AD586DB7D4EE29ECC2D381
              Memory Dump Source
              • Source File: 00000004.00000002.4121224287.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_d7d000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b77083256bbcdccd49cad58c5e2b3dc88e11d7c83e5d30cb643637c08200cab
              • Instruction ID: 1586e3e818d590f939832a96aeea3b5f89ee46756a3c5d4c42527b92865aef64
              • Opcode Fuzzy Hash: 2b77083256bbcdccd49cad58c5e2b3dc88e11d7c83e5d30cb643637c08200cab
              • Instruction Fuzzy Hash: 6631FA7550E3C09FD7078B24C9A4715BF71AF47214F29C5DBD8898F2A7D22A980ACB62
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9e7bb8ebc47d9b33d6b51c5263810648e28ec8c05287ebe797eb910a34150ab
              • Instruction ID: ebea08989135e12337ce07fb5d3bd2c13c214f027d725a55bdc09b645c08d98d
              • Opcode Fuzzy Hash: a9e7bb8ebc47d9b33d6b51c5263810648e28ec8c05287ebe797eb910a34150ab
              • Instruction Fuzzy Hash: B0210436302A119FD7199A28D49852FB7B2EFC97547148169E806EB391CF35EC02CBD0
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eaa5fb617ee348c111a79eec2feb5d85d70d6635ee10c45e0f6f9dc3833a3559
              • Instruction ID: c02cc6fa85ed118ece88f443455c906a17ba7778da0731362c28d425f3d82f2b
              • Opcode Fuzzy Hash: eaa5fb617ee348c111a79eec2feb5d85d70d6635ee10c45e0f6f9dc3833a3559
              • Instruction Fuzzy Hash: 1221B071A002059FCF14DF74C8549AE77B5EB9D364F20C41DD94A9B284DA39EE82CBD2
              Memory Dump Source
              • Source File: 00000004.00000002.4121163072.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_d6d000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5defe38d3c705bfd01b12bc531332fb9539f1474f945b26a41270738ed3db00
              • Instruction ID: b67f616420273ca674088bb171cc3aa548d858be6e65be0a1fa66e1d5dafa51d
              • Opcode Fuzzy Hash: f5defe38d3c705bfd01b12bc531332fb9539f1474f945b26a41270738ed3db00
              • Instruction Fuzzy Hash: 9D212571A04200DFDB15DF14E9C0B27BF66FB98318F24C569E80A4B656C336D856CAB2
              Memory Dump Source
              • Source File: 00000004.00000002.4121224287.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_d7d000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b1fc0ee7572d827aeede80108654d8bd99769ed9a34d92c56274241bdd23cfd7
              • Instruction ID: 4c4cd4c718341202efdbcf06014b0e8e79ed3f54040ea3498a68e28f7e94da86
              • Opcode Fuzzy Hash: b1fc0ee7572d827aeede80108654d8bd99769ed9a34d92c56274241bdd23cfd7
              • Instruction Fuzzy Hash: B121D071504204DFCB14DF24C984B26BBB6FF84314F24C5A9E84D4B292D73AD846CA71
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1f5553e9767ee170a157c589020f3e964a111c902e858a6d7de1a20aacca65b
              • Instruction ID: 2a3b7676621672e6693be2b4899f87d2dfb10eea72998f2d2f56475bc9ce2167
              • Opcode Fuzzy Hash: c1f5553e9767ee170a157c589020f3e964a111c902e858a6d7de1a20aacca65b
              • Instruction Fuzzy Hash: D111D3313082A46FDB46AF79981456F3FA7EBC5250B0444AAE506D7382CE388E15C7E6
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c42d8856f56f5b9fcb9275e0c46fc40ccab7986c15d7365374f7c5b0344ad643
              • Instruction ID: 34f3e21cc27cb5975592f87c3f61d8aef90a5c8fbeceb9e55b6518af82313f67
              • Opcode Fuzzy Hash: c42d8856f56f5b9fcb9275e0c46fc40ccab7986c15d7365374f7c5b0344ad643
              • Instruction Fuzzy Hash: 1831B378E01208DFCB04EFA8E59489DBBB2FF49305B209469E819AB365D735AD46CF40
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 654557692bc5e7790c63fc2d229532fc43255282828a47c080e0137344943057
              • Instruction ID: f9b1a483fbb55b6026d5bc7063ecbf81cd3e2f29cbc412d4070f572bc7bb1710
              • Opcode Fuzzy Hash: 654557692bc5e7790c63fc2d229532fc43255282828a47c080e0137344943057
              • Instruction Fuzzy Hash: 7021C6F1605145AFDB159F64D54876B7BA2FB84314F104029F9059B2C5CB38DD96C7F0
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eb709937396aa43f04f69077928a0599586b7c16a52643f20971e744e13dd60
              • Instruction ID: 5b134a4ab9604d8acbcfee393d9b5f7159ce78a6d2d4a312a50d949cb940013b
              • Opcode Fuzzy Hash: 7eb709937396aa43f04f69077928a0599586b7c16a52643f20971e744e13dd60
              • Instruction Fuzzy Hash: 8611C824309244AFD7052B7A58586BBBFEAEFCB250B148477E546C7296CE39CC0587B1
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b993c2975765b3b0e8fe992a8a8ec98f1d867f838c69eca0798c0848d9715599
              • Instruction ID: 1f2f5d2b6ee8c7b2350e4aca50ab65083ed4c6a17d7177f353c0a0f350f30c2a
              • Opcode Fuzzy Hash: b993c2975765b3b0e8fe992a8a8ec98f1d867f838c69eca0798c0848d9715599
              • Instruction Fuzzy Hash: 99113D71D04609CBDB08CFAAE8486DDBBB2EFCC300F18E129D418B72A5DB7548459F55
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 145fabafa0e9b2bf1c1ee132a8d54d5ce3b861d089a708aad12fa1bf9d6065ff
              • Instruction ID: cb3db4a23d5df257735f6e2ff60193650e15402eaa05566a2fa0d7a5a9fdaa99
              • Opcode Fuzzy Hash: 145fabafa0e9b2bf1c1ee132a8d54d5ce3b861d089a708aad12fa1bf9d6065ff
              • Instruction Fuzzy Hash: 95219F70901209DFDB45EFB8D98078DBFF1FB45304F00D5A9D0089B365EB305A468B91
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ed5413ba3e7d6e3d9c18ea13dc0decc8005a70c228286d743f974fc04d67f02b
              • Instruction ID: fe3a201d63ca6d4bd99bff8ed5c6541500bf3aa70a9a36fffac215e4ce8f5c03
              • Opcode Fuzzy Hash: ed5413ba3e7d6e3d9c18ea13dc0decc8005a70c228286d743f974fc04d67f02b
              • Instruction Fuzzy Hash: DB11E5363019129FD7195A29C89852FB7A6FFC47557184168E806DB390CF35EC02CBD0
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9480d8d37ee5f8a3779e0e039897805f1249a5de7f0baafb290636a16bb322ee
              • Instruction ID: 9ce3da826fcab63c7e2206bceedca39fb521e66e1ba7bb07d979c0d3cf468719
              • Opcode Fuzzy Hash: 9480d8d37ee5f8a3779e0e039897805f1249a5de7f0baafb290636a16bb322ee
              • Instruction Fuzzy Hash: DC1144768002499FDB10DF99D805AEEBFF4EB48320F10842AE918A7210C339A690DFA5
              Memory Dump Source
              • Source File: 00000004.00000002.4121163072.0000000000D6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_d6d000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
              • Instruction ID: 46f243e9a9f82313082c872e6d8f9c39671e6da35384a078fa78f6d959632035
              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
              • Instruction Fuzzy Hash: D211D376904280CFDB16CF10D5C4B16BF72FB94314F28C5A9D80A4B656C336D85ACBA1
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fdf2cd857d2492ffa99cfbc546cec4c6ebd692cdca24e6de12be47f8b794bb32
              • Instruction ID: 13be8a425ac859322e5754d1fa57c1c3e702dd7c793f0c534bbe23bb1405c24c
              • Opcode Fuzzy Hash: fdf2cd857d2492ffa99cfbc546cec4c6ebd692cdca24e6de12be47f8b794bb32
              • Instruction Fuzzy Hash: 7B1156B2800249DFDB10DF99C905BDEBFF5EF48320F108419E914A7210C335A550CFA4
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 19d8eed0b2d6ec9c065b3509d56ca12ca676b0fa6c00fa140949cf744aa012b0
              • Instruction ID: 7d5b0347711098a0d69bf5d89d13a7e7aa50fba761abc44d5e28c9c5e442727e
              • Opcode Fuzzy Hash: 19d8eed0b2d6ec9c065b3509d56ca12ca676b0fa6c00fa140949cf744aa012b0
              • Instruction Fuzzy Hash: 74113A70D01209DFDB45EFB9D98179EBBF2FB44304F10D5A9D008AB369EB345A858B91
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d77db0ff82d6d6fc2b267e07dc7bcacdace94f42af38a8ce1f8342522e168bd
              • Instruction ID: f38a24d0e3a08093dc7379e659831efbde54e8f341fed7f6de142f3135acd1d5
              • Opcode Fuzzy Hash: 9d77db0ff82d6d6fc2b267e07dc7bcacdace94f42af38a8ce1f8342522e168bd
              • Instruction Fuzzy Hash: D111F734F015488FEB00EFF9E850BAEBBB1FB49315F409461E918FB749EA3499418B51
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d4e83ef976a844339937d532addc4e258564c888ac7b34f2a42fdfb408b9ad58
              • Instruction ID: 797f64c0c436a2807c3fdf687ac48649b53340c4d7c87d0d11efc9abdbe7aa8c
              • Opcode Fuzzy Hash: d4e83ef976a844339937d532addc4e258564c888ac7b34f2a42fdfb408b9ad58
              • Instruction Fuzzy Hash: EF212474D0460A8FCB01EFA8D8485EDBFB0FF4A314F1451AAD445BB2A4EB301A85CBA1
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a8ffd32176fcb79e8d00af06a622473060d6a9b4f0dc811a18d96fa2ca53795c
              • Instruction ID: 94ab2c3833f9c17da6f4008d5464f585278072c7f0aae56a5e9056878158fd93
              • Opcode Fuzzy Hash: a8ffd32176fcb79e8d00af06a622473060d6a9b4f0dc811a18d96fa2ca53795c
              • Instruction Fuzzy Hash: 3011AF78D1120A9FCB40EFA8D8495EEBFF1FF09300F10926AD805B3250EB345A85CBA1
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d6fec150ff4b8b8826d1a0c1d51b49bd4bba1fa250ed76452c560b8d3471a232
              • Instruction ID: 73e2c21af467dab02e2147fb8458eb1e1f8b58fe05eb7b2818ab00b6a4553bce
              • Opcode Fuzzy Hash: d6fec150ff4b8b8826d1a0c1d51b49bd4bba1fa250ed76452c560b8d3471a232
              • Instruction Fuzzy Hash: 73118B76A002118FC750AF78E5086AE7BF0FF88711B0004B9E409DB320EB31DD028BD1
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87610847279661acc0ccb2034f0706f6e9acdb754b6f0f2e9796e5110d7c834a
              • Instruction ID: 52a68841d70b8591b9389d2a74787e77f8a95f9392bde61b7ccde3507abd9c54
              • Opcode Fuzzy Hash: 87610847279661acc0ccb2034f0706f6e9acdb754b6f0f2e9796e5110d7c834a
              • Instruction Fuzzy Hash: EC01F5B2B041456FDB059E68A8046EF3BE7DBC9351B18802AF905E7280CA76CD028BA0
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e42f6419716504075ccefd3bd94ac38765705a6045a3e6527c53e2d41dd7f364
              • Instruction ID: cde924b5c5e2f82e9e40804ae5680685b866d4e79f1440abf665987ad07a0b86
              • Opcode Fuzzy Hash: e42f6419716504075ccefd3bd94ac38765705a6045a3e6527c53e2d41dd7f364
              • Instruction Fuzzy Hash: 02019671E002199FCB54EFA988046AEBBB5BF88200F50856AD419B7650EB385901CB95
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 85cf7c15d8767f5c8f8c21f7830e400ee75e0b21c81f11f0ba973d55e33e14e5
              • Instruction ID: a571b1a76b31ac54480d6feccfb699e49dd9560abd2f0e892b2a436b6e7bee44
              • Opcode Fuzzy Hash: 85cf7c15d8767f5c8f8c21f7830e400ee75e0b21c81f11f0ba973d55e33e14e5
              • Instruction Fuzzy Hash: FAF0EC30E0820DCAC7159B65FC0C1FDB7B09BCA300F01A47DD058E71A1CBB45159D791
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 181f1f56c83a31a991d8f62070b97642fe6ee403d2b108596c9de5f24e17b5f8
              • Instruction ID: 5a1f0077660743edaaad195386aacc4ea98d1f56d381cfff299ef398e982bf7b
              • Opcode Fuzzy Hash: 181f1f56c83a31a991d8f62070b97642fe6ee403d2b108596c9de5f24e17b5f8
              • Instruction Fuzzy Hash: 7BF0A730A0825DCFC7119BA5B8185ED7770ABCE300F0158A9D405E71F1CB7085199691
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6887f34415a6af1179bcbab66bf089861c0de7dd1aa206cb98cc2b0b2ef22b57
              • Instruction ID: c554b79676028de8485c69f1d604c1e18850becdae080c5480d9a3433159b3ba
              • Opcode Fuzzy Hash: 6887f34415a6af1179bcbab66bf089861c0de7dd1aa206cb98cc2b0b2ef22b57
              • Instruction Fuzzy Hash: F5E06892C0C2008AE30047E55C150B8BF30C99334030470C39059E7065D260E641D711
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b38881705130b214411f3c78417cad9ddfd79c92f65f58c2988a2a48794a7f7
              • Instruction ID: efe373053e5e7a093223a4c462bfa7832e6057f3f48e6bf7c8a0061657cf76a6
              • Opcode Fuzzy Hash: 7b38881705130b214411f3c78417cad9ddfd79c92f65f58c2988a2a48794a7f7
              • Instruction Fuzzy Hash: 4EE0C231D2022B53CB00EBA0E8404EEB734EE81620B408222D46937100EB70675BC3E2
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6708bd4705cf06e055b514f9c432e03c8aae4208d807e9dc461100930e50e660
              • Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
              • Opcode Fuzzy Hash: 6708bd4705cf06e055b514f9c432e03c8aae4208d807e9dc461100930e50e660
              • Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2
              Memory Dump Source
              • Source File: 00000004.00000002.4121424481.0000000000E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_e00000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd
              Memory Dump Source
              • Source File: 00000004.00000002.4127306957.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_6580000_Siparis PO# DT-TE-160924R0 _323282-_563028621286 pdf .jbxd